Page 1 of 1

Help with PHP and document control!!

Posted: Thu Jul 17, 2008 11:53 am
by dwills898
Hi, this is my goal, I want users to be able to upload documents to my website, then I want other users to be able to preview a portion of the document, and then choose to purchase it if the want to. Then I want the user to be able to view the document they purchased, but I need a way to stop them from turning around and reposting the document on my website as their own?? Anyone have any suggestions. I figured using pdf would be the best idea?? The way amazon.com lets you preview and buy books online is sorta what Im talking about.
Any help is greatly appreciated
Thanks
Don

Ideally I would also want to try to limit the user's ability to email the document to his friends ....but I dunno if that is possible.....

Re: Help with PHP and document control!!

Posted: Thu Jul 17, 2008 12:15 pm
by WebbieDave
You said:
dwills898 wrote:I want users to be able to upload documents to my website
Then:
dwills898 wrote:I need a way to stop them from turning around and reposting the document on my website
You'll need to search the content of what's being uploaded and compare it to previously uploaded content.
dwills898 wrote:I would also want to try to limit the user's ability to email the document to his friends
You could ask them nicely to refrain from such activity but that's about it. You could look into DRM but that would require that you own/control the documents .

Re: Help with PHP and document control!!

Posted: Thu Jul 17, 2008 12:26 pm
by Dynamis
WebbieDave wrote:You said:
dwills898 wrote:I want users to be able to upload documents to my website
Then:
dwills898 wrote:I need a way to stop them from turning around and reposting the document on my website
You'll need to search the content of what's being uploaded and compare it to previously uploaded content.
I love bit manipulation, if you haven't seen my latest post. One thing you could do is change a bit in the header of the file once its uploaded to your site, and when a user tries to upload another file w/ the bit already set, don't allow it. Much easier than search through all uploaded files and comparing. Let me know if you need more info.

Re: Help with PHP and document control!!

Posted: Thu Jul 17, 2008 12:28 pm
by dwills898
[/quote]
I love bit manipulation, if you haven't seen my latest post. One thing you could do is change a bit in the header of the file once its uploaded to your site, and when a user tries to upload another file w/ the bit already set, don't allow it. Much easier than search through all uploaded files and comparing. Let me know if you need more info.[/quote]

YES! that is exactly what I was thinking, scan the file to see if it came from my site, more info on that would be greatly appreciated!!
Don

Re: Help with PHP and document control!!

Posted: Thu Jul 17, 2008 12:46 pm
by Dynamis
dwills898 wrote:YES! that is exactly what I was thinking, scan the file to see if it came from my site, more info on that would be greatly appreciated!!
Don
So most(all?) file types have a file header which tells programs how to interpret what kind of content it is reading. Normally it is the first 50+ bytes of data. So you read in the uploaded file, and perform byte manipulation on it BASED on the file type (since each will have a different header).

For an example, lets use a .bmp file. I know this doesn't pertain to you, but you should get the idea and know how to do this once I finish explaining. So the user uploads a .bmp file (Tutorial). In this tutorial you save the contents of the file in the $content variable:

Code: Select all

$content = fread($fp, filesize($tmpName));
Now that you have the contents, you want to edit a specific byte that you can check later to see if this file came from your website. So you need to look at the header format of a .bmp file, found using google, Here. As you can see in the header, bytes 2-5 (size of BMP file in bytes (unreliable)) is listed as unreliable 1, and is most likely not used to read a file anyway. So we will change these bytes to whatever we want. Say you want to make your .bmp signature (the thing you can later check to see if it is from your site) byte 4 = "N" and byte 5 = "O". So changing the content is now simple:

Code: Select all

$content[4] = "N";
$content[5] = "O";
Then you proceed to save the content to your database or as a .bmp somewhere on your server. The encryption is done. Next time someone uploads a .bmp you check if $content[4] == "N" and $content[5] == "O", if so, don't allow them to upload it.

Also, some headers may not have a suitable byte for you to change, in this case, you can probably change the first 2-4 bytes of data, or last 2-4 bytes of data without it causing much damage to the file. In the case of a .bmp, the first 2 bytes of data are bytes 54 and 55, and the last two would be the strlen($content)-2 and strlen($content)-1.

So now to your situation. To make this work for a pdf, search for the format of a pdf header, figure out what bytes in the header you want to change, or where the actual page data starts (if there are no available bytes to change in the header), change a byte, or two, or four, to whatever you want to later check, save the file, and you should be good to go. Hope this helps. Shout if you need more clarification.

Re: Help with PHP and document control!!

Posted: Thu Jul 17, 2008 1:32 pm
by dwills898
Dynamis wrote:
dwills898 wrote:YES! that is exactly what I was thinking, scan the file to see if it came from my site, more info on that would be greatly appreciated!!
Don
So most(all?) file types have a file header which tells programs how to interpret what kind of content it is reading. Normally it is the first 50+ bytes of data. So you read in the uploaded file, and perform byte manipulation on it BASED on the file type (since each will have a different header).

For an example, lets use a .bmp file. I know this doesn't pertain to you, but you should get the idea and know how to do this once I finish explaining. So the user uploads a .bmp file (Tutorial). In this tutorial you save the contents of the file in the $content variable:

Code: Select all

$content = fread($fp, filesize($tmpName));
Now that you have the contents, you want to edit a specific byte that you can check later to see if this file came from your website. So you need to look at the header format of a .bmp file, found using google, Here. As you can see in the header, bytes 2-5 (size of BMP file in bytes (unreliable)) is listed as unreliable 1, and is most likely not used to read a file anyway. So we will change these bytes to whatever we want. Say you want to make your .bmp signature (the thing you can later check to see if it is from your site) byte 4 = "N" and byte 5 = "O". So changing the content is now simple:

Code: Select all

$content[4] = "N";
$content[5] = "O";
Then you proceed to save the content to your database or as a .bmp somewhere on your server. The encryption is done. Next time someone uploads a .bmp you check if $content[4] == "N" and $content[5] == "O", if so, don't allow them to upload it.

Also, some headers may not have a suitable byte for you to change, in this case, you can probably change the first 2-4 bytes of data, or last 2-4 bytes of data without it causing much damage to the file. In the case of a .bmp, the first 2 bytes of data are bytes 54 and 55, and the last two would be the strlen($content)-2 and strlen($content)-1.

So now to your situation. To make this work for a pdf, search for the format of a pdf header, figure out what bytes in the header you want to change, or where the actual page data starts (if there are no available bytes to change in the header), change a byte, or two, or four, to whatever you want to later check, save the file, and you should be good to go. Hope this helps. Shout if you need more clarification.


Great! I am going to try to implement this and I probably will have some more questions.
Thanks! for the help