Restrict from PDF/Images??

Anon

I'm currently taking a projects which require to restrict people from reading PDF/Images without Login.

I've thought of this question for so long and can't find a solution for it.

I've tried fopen()... the fpassthu()... this work only to view that particular file without adding any html code on it. But if I have a header and footer on it, then it will mass up. I also doesn't want to display the URL of the pdf/images so that nobody knows how to get it without login properly. PLEASE HELP ME... any expert huh??

brandonschnell

1) store the pdf files outsite of the web server root directory

2) use sessions or some other method to verify if the user is logged on. send back a html page with a list of pdf files to view/download if the user is logged on with a link to another page ("pdfdownload.php?filename=test.pdf").

3) have pdfdownload.php check to see if the user is logged in. if the user is logged in and request a file, clean up the $filename (as not to allow the user to request /etc/passwd) then set headers and send the file using fpassthru().

you might want to use a database to store the file information and local file path.