Page 1 of 1

is it possible to authenticate a pdf download?

Posted: Thu Feb 17, 2005 11:33 am
by sametch
I am creating a website with information that is available to download by PDF.

Users will log in to an "account" area and depending upon who they are different PDF downloads will be made available.

The problem is once the directory containing the downloads is known, users could guess at the download filenames.

Is there any way that PHP can pass a username and password to a directory protected with .htaccess? If there is I could create different folders and once a user logs into to their "account" area in PHP I could record their username and password and direct them to a folder that is protected by .htaccess without them having to login again!

If you know what I mean!

Posted: Thu Feb 17, 2005 11:40 am
by feyd
why not store the pdf's off somewhere else, and use a downloader script? If the pdf's were stored outside the document root, then the files can't be downloaded directly via guessing or any other form, they'd require access to the server's file system.

Posted: Thu Feb 17, 2005 12:35 pm
by sametch
feyd

I am not entirely sure what you mean by a "downloader script" When you say somewhere out of reach I figure you mean somewhere above the root in the server directory structure.

:?

Posted: Thu Feb 17, 2005 2:50 pm
by feyd
a downloader script is a script you link through to fetch something you wish to download. You request xyz from it, it returns the file corresponding to xyz. It does not give the path information, just returns the file itself, along with some additional headers.

Posted: Fri Feb 18, 2005 2:23 am
by sametch
feyd

I think this is taking me beyond my current knowledge of PHP could you give me any advice on what sort of functions I need to use to create a "downloader script"

Posted: Fri Feb 18, 2005 6:14 am
by timvw
your searching powers will be needed... but you don't need that much of them, because we have talked quite often about this type of problem in this forum..