Displaying customer invoices (PDF) on PHP site
Posted: Sun Aug 08, 2010 6:59 pm
Good evening everyone. I'm just starting to learn PHP. I'm creating a very simple login script that will allow my customers to log in and view their invoices, which are saved as PDF files. I've created the script and everything works fine when the PDFs are stored on the Apache server. I'm running Ubuntu Server 10.04 with LAMP. I have written a VB.NET program which my sales team uses to track info about the customers, including invoices, so the invoices are always saved on a Samba share on the same server. I'm wondering how to go about displaying a PDF file located in another directory.
Currently I have
Apache
|-WWW
|-Invoices
| |- Smith, Joe - Invoice.pdf
| |- Williams, Mike - Invoice.pdf
|- InvoiceLogin.php
|- Invoices.php
InvoiceLogin.php is a simple form. Invoices.php accesses MySQL and then shows only the current user's file(s) as a link to /Invoices/FILE. My problem with this is that anyone can circumvent the login by navigating to mydomain.com/Invoices/Smith, Joe - Invoice.pdf, allowing them to view any invoice if they know the first and last name of the customers.
Does anyone have any suggestions on what I should do to remove the Invoices folder? All invoices are currently saved in \\SERVER\Customer Source\Files\Customer Documents already.
Thank you for all suggestions,
-R
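One way to close the direct-URL bypass described in the post, shown as an added example that is not part of the original thread: keep the PDFs outside Apache's document root and have Invoices.php link to a gatekeeper script by invoice id, so every download passes the login and ownership check. The script name `download.php`, the session key `customer_id`, the `invoices(id, customer_id, filename)` table, the database credentials and the local share path are all assumptions.

```php
<?php
// download.php - added example; all names below are assumptions, not from the post.
session_start();

// Assumed: InvoiceLogin.php stores the logged-in customer's id in the session.
if (empty($_SESSION['customer_id'])) {
    header('Location: InvoiceLogin.php');
    exit;
}

// Assumed local path of the Samba share; it must be outside the document root.
$invoiceDir = '/srv/samba/customer-documents';

// The link carries only a numeric invoice id, never a file name or path.
$invoiceId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($invoiceId === false || $invoiceId === null) {
    http_response_code(400);
    exit('Bad request');
}

// Assumed schema: invoices(id, customer_id, filename). Credentials are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=DBNAME;charset=utf8', 'DBUSER', 'DBPASS');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Ownership check: the row must belong to the customer in the session.
$stmt = $pdo->prepare('SELECT filename FROM invoices WHERE id = ? AND customer_id = ?');
$stmt->execute(array($invoiceId, $_SESSION['customer_id']));
$filename = $stmt->fetchColumn();

// Same 404 whether the invoice is missing or belongs to another customer.
if ($filename === false) {
    http_response_code(404);
    exit('Not found');
}

// Resolve the real path and confirm it is a file inside the invoice directory.
$base = realpath($invoiceDir);
$path = realpath($invoiceDir . '/' . basename($filename));
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="invoice-' . $invoiceId . '.pdf"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Invoices.php would then emit links of the form `download.php?id=N` instead of `/Invoices/FILE`, and the Invoices folder under the web root can be deleted.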