I am showing PDF, Video file preview in my web application, but i want to give only read access to users, no one can`t download PDF & video files, I want to prevent users, how can we prevent users to download it using PHP ? only they can view, please share you ideas as soon as.
Thanks
Any content that is shown on the client's side, technically speaking, already downloaded to the user's machine. If the user is seeing the PDF file - it's already been downloaded.
For video: it's not that straightforward, you can organize a streaming of the video. It'll be fairly more complex for the user to download it as one file, but still, can be captured.
Related
I'm developing a new website with PHP & MySQL.
The website is for an online eBook library that grant access to its books based on paid subscription plans.
So, I need to make sure the PDF files of these books are well protected and can't be saved, downloaded, or in anyway copied.
How can I do that?
I suggest you to convert the PDF into an image , and display the first page or as you like, check this library it can be useful
Imagemagick
I think this is not a PHP or MYSQL solution. PDF's have a "protected mode". There you can disable printing the pdf. You should look for a server side pdf recreation tool that can recreate the pdf in protected mode and serve the user this file. Take a deeper look into PDF functions. I think i can remember that there should also a trial mode also and the ability to view only on 1 device.
Here a link for more info: http://www.dummies.com/software/adobe/acrobat/restrict-who-can-edit-or-print-pdf-documents/
You'll be able lock down the files from unwanted downloads. But redistribution or sharing login details will be a battle.
Some options I can think of
Option 1:
You can handle this yourself on the server. Housing the PDFs outside of the public Apache directory (so there is no way a URL can reach it). Then with a PHP function read the contents of the file and stream it to the browser.
Streaming a large file using PHP
Option 2:
Use something like AWS S3. You can lock down the bucket so there is no public access. And generate signed URLs as needed. They'll be unique urls which you can specify a time limit of availablity. AWS S3 The security of a signed URL as a hyperlink
Doing some research on trying to secure documents on a server so that visitors cannot copy paste the content.
Users can upload documents as pdf, doc, docx, and currently they can download these files in staging enviroment. Anyone know of a way I could either upload these as read only so once they are downloaded they cannot be edited or copy pasted etc?
Or is there a way I could get the contents of these files and display the content on a webpage while disabling copy paste etc?
Just looking for some ideas on a solution for this.
You cannot control web browser behavior.
The only way to do that is to use a script to render a part of a document.
For example, rendering page by page in a web view. But user could copy/past content even if you deploy some Javascript.
Perhaps, you should take a look to Flash, Silverlight or Java applet.
I think there are few solutions that can limit access to read only.
But il will mainly limited to computers.
You can protect a file with a password too.
Files could be downloaded but only users owning the password could edit them.
This is the case for PDF files, Excel files, etc.
It's a way but I don't think it's the best way.
I think the easiest way is to convert your documents as PDF files and to limit actions to read only by adding a password. You ll be able to disable write permission, print permission, etc. And rendering a PDF on a web page is very simple.
I am currently tasked to make a website that allows a personnel of people to select possible candidates for a job.
From here, the candidate will upload their resume online to the PHP server. After which, the candidate will view the resume for review to see whether is the candidate suits for the job. I would like to know how is it possible to allow them to download the document from the server and/or view the documents online, probably in another browser page.
Thank you! :)
I would like to know how is it possible to allow them to download the document from the server and/or view the documents online, probably in another browser page.
After a file was moved from the temporary upload folder to your "uploads" folder, you are able to generate a download link to the file.
The file can be view "online", when the viewer opens the file in a new browser tab (by right-clicking the download link, then open in new tab) or you set target="_blank" on the link.
Most modern browsers have PDF support. I would only suggest to utilize a document viewer on server side, if the download links must be protected and the user-group is rather small, because this doesn't scale well.
I have a website when requires the user to be logged in to access the contents. I need to embed some music player which can play some mp3. But the mp3 download link cannot be public, so is there any way to pass the PHP session to any flash based players so that the user can listen to it.
Edit: I would want a ready made flash player which has this functionality. Ideally something like the yahoo media player which can be embedded easily
First, you need to remember that if you're serving MP3 files via straight download (not streaming) anyone can simply download the file and then share it (even if the originally-used URL itself expires). So if you really need to protect your files, then use e.g. Flash Media Server to stream the files.
If you don't need that level of protection, you can still protect the link. Instead of linking the media player directly to your MP3 file, link it to a .php script that serves the MP3 file. The PHP script will check the session; if it's valid, it will serve the correct file; otherwise, it will serve a this link is expired MP3. Here's a topic covering that.
Again, though, if you're serious about protecting the files you need to use a streaming server.
Is there any way to protect your files(php files/images files) from tracking ?? (TeleportPRO, HTTrack, etc)
-Thanks for your time!
HTTrack crawls through your website then downloads and follows all the links it finds. So anything that a user using a browser will see is what this program will see.
PHP is server side so all the client gets is the html your produce so you do not have to worry about anyone getting your source code with a program like HTTrack. The only way to get your source would be for a attacker to get direct access to the files with ftp/on the system itself...
And as your users will be able to see your images the program will download the images but how would this affect you? If you are selling the images, you could access them through a .php file that checks if the currently logged-in user has purchased the image and then and only then show it. But for images that are part of your layout/template, it is quite normal for everyone browser etc. to download it. Those programs just download them for local viewing.