user login and preventing access to non-html files

Forum Moderators: coopster

Message Too Old, No Replies

user login and preventing access to non-html files

icpooreman

6:21 pm on Jan 16, 2006 (gmt 0)

I built a user login for my site with php and it works great. The problem is that I want to put some .doc and .pdf files up on the web that only a logged in user can access and I don't want the user to have to enter another username/password I want to use the current system I've got now (which is just checking cookies and a database to see if you're logged in at the beginning of restricted pages). This doesn't have to be done with php but somehow I want to base whether or not you can view the files based on whether you're already logged in.

timster

6:47 pm on Jan 16, 2006 (gmt 0)

You can place your pdf and other pages outside the web server's root directory, and let PHP go get them as needed, e.g.,

<?php
if is_logged_in() {
header('Content-type: application/pdf');
include("/file.pdf");
} else {
# forward to login page?
}
?>

vincevincevince

7:01 pm on Jan 16, 2006 (gmt 0)

It would be better to use this, as the above method has security flaws (i.e. php code within the PDF file would be executed!)


<?php
if is_logged_in() {
header('Content-type: application/pdf');
print file_get_contents("/file.pdf");
} else {
# forward to login page?
}
?>

timster

8:54 pm on Jan 16, 2006 (gmt 0)

3-Vince is right of course -- his way is better.

icpooreman

9:16 pm on Jan 16, 2006 (gmt 0)

Thanks that was exactly what I needed