PDF's and behind the scenes passwords... should be tricky.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
greener
Forum Newbie
Posts: 1
Joined: Fri Feb 15, 2008 2:46 pm

PDF's and behind the scenes passwords... should be tricky.

Post by greener »

This is for http://www.cougarnotes.com

My website is designed to serve up PDF's to members with the right access. I have already programmed the PDF's to be served up from behind an htaccess so that PDF's can only be viewed while logged in with the appropriate access.

I want users to only be able to view PDF's while logged in or to be able to print them. I don't want them to be able to download them.

My Idea:
Can you open a password protected PDF with a password that is entered 'behind the scenes' either on the server side or in the users browser via javascript. This way the user never sees the password and if they do download the PDF's they won't be able to open them.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: PDF's and behind the scenes passwords... should be tricky.

Post by Christopher »

I don't think you can do that, but there are many options available for PDF -- check the Adobe site.
(#10850)
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: PDF's and behind the scenes passwords... should be tricky.

Post by Chris Corbyn »

That wouldn't really be possible no. You could experiment with multipart/x-mixed-replace content-types and see if it's possible to push a new "corrupt" version down to replace the working version. In theory, the browser should only "display" the version it can actually display.

Code: Select all

<?php
 
header("Content-Type: multipart/x-mixed-replace; boundary=\"_=_foo_=_\"");
header("Content-Transfer-Encoding: 7bit");
 
/* The next parts send headers for nested content... in theory the browser displays each
 part until it hits one it can't display */
 
?>
--_=_foo_=_
Content-Type: application/pdf; filename="pdf.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: inline

<?php

echo chunk_split(base64_encode(file_get_contents($the_real_pdf)));
 
?>
 
--_=_foo_=_
Content-Type: application/pdf; filename=pdf.pdf
Content-Transfer-Encoding: base64
Content-Disposition: inline
 
... some corrupt data ...
 
--_=_foo_=_--
 
Even if that worked, a programmer would be able to get the PDF data by viewing the source and base64_decode()'ing it.

multipart/x-mixed-replace is good fun to play with in any case. I'm releasing a library soon which will offer MIME support of HTTP to do those embedded downloads like sourceforge do using multipart content types.
Post Reply