After googling I didn't find answer to my question.
So, question.
I have site with http://www.emathhelp.net
Inside it there is folder with pdf files.
I want to restrict direct access to pdf files, so http://www.emathhelp.net/1/3192849.pdf will return error, but a page with code
<object data="pdf/1/3192849.pdf"></object> will correctly fetch pdf.
One of the attempts was to redirect all urls that end with .pdf to php script which then will find the page where pdf is embedded and redirect there. It was done, however inside <object></object> there is black screen, because I guess data="pdf/1/3192849.pdf" is rewritten also an thus infinite loop is created.
Can you help me?
Maybe there are some solutions through .htaccess, maybe I don't need to use <object>.
Please, write your suggestions.
Take it out of the web root folder. However, when it is supposed to be shown, use PHP to copy it to a temp location in your web root folder and display it to the user who is meant to see it. Keep a record of the temp file in a database, so that it is removed after say 1-2hrs.
Links:
Copy a file in PHP
PHP PDO tutorial
Related
Is there a way I could redirect users to a pdf display template inside my website rather than going directly to the pdf file in their browser.
For example, if a user clicks on a link to http://example.com/docs/date/1.pdf
I want him to be redirected to let's say http://example.com/docview.php and this PHP needs to get details of the pdf file from the URL of the previous link and then display the right PHP file.
All help appreciated.
Thanks in advance!
Two options:
1 - Use htaccess Rewrite rules to turn PDF accesses into PHP. This has the advantage that the user will see a link that actually says "PDF" in the URL. However, it can get a bit tricky to implement and you need to be careful that it is limited or you could easily end up with ALL PDFs anywhere on the site, including some that should just be static PDF files, redirecting to the script. This will do exactly what you ask - Google htaccess Rewrite and you can get plenty of examples.
2 - Change the links to reference your PHP scripts directly. The PHP script can then provide whatever frame or viewer desired or simply check for permission (if needed) and read the PDF file and output it to the browser. A .php extension on the URL doesn't mattter - the browser will display PDFs correctly based on the mimetype of the output. This is my personal preference for providing PDF output and I have done this many times.
I need to make a restricted file access system in php (I use Wordpress for my site).
Here is my idea:
User creates file via a pdf generator
Save this file in a specific folder (with a ID)
Denie the access for everybody - including the user who generated the file
Check on a output.php file if the user is the same who generated the file
Give the user the link for the file
The thing is that the file should be just downloadeble from the output.php and not via url in browser or something else. I know that sound unimpossible but is there everybody who has an idea? Although with restrictions if all is not possible.
Thank you very much for your help :)
I'm new to web development but i know some php basic stuff. Using ftp, i create directories then create simple php scripts there, simple as echoing a string. Which can be accessed like,
www.sampledomain.com/folder1/subfolder2/hello.php
After some time, my friend introduced me to wordpress which is what they described as CMS. I tried to visit her site www.majaflores.com then i click on some stuff there and i noticed the url changed to http://majaflores.com/project/if-i-let-you-in-please-dont-break-anything/
At first, its pretty normal for me because its just a link where there is a folder named "project" and inside it another folder named "if-i-let-you-in-please-dont-break-anything". But when she showed me the ftp folders directory, i didnt see any folder named "project" under main folder of the domain. How did wordpress manage to do this? and how can i implement this manually?
Just wanted to say that like most server-side code environments, PHP also let you parse URLs "manually" and decide what to do accordingly, be it return a file or generate some content.
You can find more information about how PHP is parsing URLs in here:
http://php.net/manual/en/function.parse-url.php
and some discussion regarding it in here:
URL handling – PHP vs Apache Rewrite
This is they way WordPress stores data. U can further see the setting under Permalink.
Under Permalink, u can have options to render ulr as page id, category names and more. You can also use your own format over there.
Just a note, WordPress stored data in database not as a content on FTP directory.
I am currently trying to develop an image uploading website by using CodeIgniter.
The thing is, I came across an issue today and I would really appreciate any kind of help in order to solve it.
So basically, the site is working. But the thing is, that the files are not private. A user may want to ensure that the files the users upload are only visible by them, and not by someone who just guesses a bunch of urls. (eg. user1 uploads image1 which he wants to keep private, for himself =>[localhostlocalhost/upload_script/files/image1.jpg], user2 can access image1 by guessing and typing the url [localhost/upload_script/files/image1.jpg] which is what we don't want to happen. )
I have done some research and I think that this would probably require another controller for serving the files (which checks for session data).
I have been "playing" with sessions etc in PHP for quite some time in the past, but I am not that familiar with them in CodeIgniter.
Is this the only way? I don't think I need to create separate directories for each user, do I? Can you please tell me how to head to the right direction or give me an example?
Thanks in advance,
harris21
In order to protect files, you will need keep them outside of your web root, otherwise people will always be able to url hack their way round.
I have used the very handy mod_xsendfile for apache (if you have that kind of access to your server) which will allow you to serve files that can be protected by access control and not accessed without the appropriate credentials.
Code snippet that you could put in your CI controller to display an image (adapted from the mod_xsendfile page):
...
if ($user->isLoggedIn())
{
header("X-Sendfile: $path_to_somefile");
header('Content-Type: image/jpeg');
exit;
}
If you cannot install mod_xsendfile then your only other option would be to use readfile() as TheShiftExchange says.
Use PHP to return images and lock the image directory behind the webserver root. This way, before serving an image you can check the user credentials via session variable, assuring that he is allowed to view the image. Otherwise you can redirect the user straight back to the website alerting him he does not have access. Serving images like this is way slower than just serving them via webserver (apache, nginx,...) but it will enable you to have control over the downloading of the images.
To be more exact, save the image details in a database, for example having columns: id, file_path, title, uid. Everytime a user wants to download an image for example calling http://domain.com/files/download/3 you can check if image with id 3 can be downloaded for the currently logged in user. You need to write your own controller that will be doing that.
I am doing a similar thing here http://www.mediabox.si/ you can check how images are served. I am allowing thumbnail images and I am watermarking larger images visible to ordinary visitors.
The ONLY way is to store the images outside the public_html. Otherwise by definition you are opening the file to direct access.
Use a controller to check if the user is allowed to access the file and the php function readfile() to serve the file
You can read some code at one of my other questions here: Does this PHP function protect against file transversal?
And this is actually VERY fast - you won't notice a performance hit at all
I need to redirect the url which is accessing the site images to the appropriate contents section of the site for example . the image test.jpg is used in the section http://www.mysite.com/article1 and my image path is domain/images/test.jpg if any user browse the image directly by this url domain/images/test.jpg . i would like to redirect to the article section.
What you are trying to do is kind of working against the principles of the web. A web browser loads that image of yours the same way if someone reads the article as it does when somebody accesses the image "directly".
If you only want to disable access to browsing your image collection, i.e. the directory listing of the images, that's fine and you can easily disable that in your web server.
However -- and I think that's what you are trying to do -- if you try to find out the difference how somebody accesses an image, either while reading "article1" or by loading it "directly", then things get complicated. You could use some kludges like setting cookies in the article and that you check for when loading the image... But it is probably more trouble than it's worth.