Hi people
I have a member service (php session login) where members can prurchase credits and then exchange these for PDF downloads.
All the PDF's are held within a particular folder
In the standard way in order to download/access the pdf a member must be logged in and have sufficient credits else they are forced to error pages.
However if somebody knew the address to where the PDF's are kept they would have complete access to these products without ever having registered or purchased credits...which obviously is a bit of a problem to the business!!
I was hoping whether any of you knew any good techniques and methods to protect this folder from "intruders" while linking in with my current PHP login and credit scripts???
Thanks in advance, this would be a life saver!!!
alex
Protecting a folder
Moderator: General Moderators
I was thinking about something completely different during reply and need to remove this post so that I don't confuse people.
I appologize.
Keep reading for the suggestion I should have given.
I appologize.
Keep reading for the suggestion I should have given.
Last edited by JAM on Thu Sep 01, 2005 9:48 am, edited 1 time in total.
ok that makes alot of sense
so from what u are saying i place the folder of pdf's outside the webroot.....
......then i have my download script as at present which checks login and if they have sufficient credits....
and lastly instead of at present where my header(Location:...) redirects to a pdf in a folder inside my web root it will redirect to this new folder outside of the webroot?
is my interpretation correct?
thanks for you help
so from what u are saying i place the folder of pdf's outside the webroot.....
......then i have my download script as at present which checks login and if they have sufficient credits....
and lastly instead of at present where my header(Location:...) redirects to a pdf in a folder inside my web root it will redirect to this new folder outside of the webroot?
is my interpretation correct?
thanks for you help
Almost, you can't redirect to a folder outside the webroot, you can send varous Content-Type headers and pass the file through,hame22 wrote:and lastly instead of at present where my header(Location:...) redirects to a pdf in a folder inside my web root it will redirect to this new folder outside of the webroot?
Something like: (from the PHP manual for header().
Code: Select all
<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdf
readfile('original.pdf');
?>Of course, you'd need to change the 'original.pdf' to the full path to the file outside the webroot.