security questions

Anon

I have a script which reads in .pdf files based on user input. here is the script

<?php

header("Content-type: application/pdf");
header("Content-disposition: inline; filename=$filedata.pdf");
header("Content-length: " . filesize("$filedata.pdf"));

$fd = fopen("$filedata.pdf", "r");
fpassthru($fd);
fclose($fd);

I have all of my files stored in one directory, is there a way to secury this directory against browsing as well as the files inside? i would like to limit access to the files unless the script is run. So is there a way to change permissions in the actual script such as with chmod?

thanks

tasistro

call your script index.php4 or index.html or whatever your server defaults as the base file, also configure your server (I assume apache) to not let you browse directory contents.

If your pdf script can't be called index.php4 or index.%whatever% do the following....

say your pdf script is called pdf.php4 on
www.yourserver.com
in a directory called
pdffiledir

and your webserver defaults to index.php4 (could be index.html or index.html)

index.php4 contains
!!!!START OF FILE HERE NOT EVEN A SPACE BEFORE <? !!!!!!!
<?

header("Location: http://www.yourserver.com/pdffiledir/pdf.php4");
exit;