I have a site built in PHP and we have some PHP pages that require logging in that produce links to PDFs. The problem is that those PDFs (which were copied out to Amazon Cloudfront) were indexed and available for searching.
What is the easiest way to stream an existing PDF to the browser, making it so that the user has to login to be able to see the document? I'm hoping that there is some simple Header code or something where I can say "load this file on the server that's not accessible on the web and output it as PDF".
Any thoughts/suggestions?
Thanks!
You can use htaccess (or similar) to redirect any requests for a .pdf document to a PHP script, passing the requested file name. The script can then validate the log-in credentials, and if the user is logged in it can then send PDF headers, fetch the PDF document (file_get_contents) and output the code.
You can either block access to files (as mentioned in the other answer) or (more cleverly, IMHO) you can pass the file through to the browser after checking credentials (or doing pretty much anything) in PHP. There are code examples and a discussion here: http://bytes.com/topic/php/answers/159354-pass-through-any-file
Related
Doing some research on trying to secure documents on a server so that visitors cannot copy paste the content.
Users can upload documents as pdf, doc, docx, and currently they can download these files in staging enviroment. Anyone know of a way I could either upload these as read only so once they are downloaded they cannot be edited or copy pasted etc?
Or is there a way I could get the contents of these files and display the content on a webpage while disabling copy paste etc?
Just looking for some ideas on a solution for this.
You cannot control web browser behavior.
The only way to do that is to use a script to render a part of a document.
For example, rendering page by page in a web view. But user could copy/past content even if you deploy some Javascript.
Perhaps, you should take a look to Flash, Silverlight or Java applet.
I think there are few solutions that can limit access to read only.
But il will mainly limited to computers.
You can protect a file with a password too.
Files could be downloaded but only users owning the password could edit them.
This is the case for PDF files, Excel files, etc.
It's a way but I don't think it's the best way.
I think the easiest way is to convert your documents as PDF files and to limit actions to read only by adding a password. You ll be able to disable write permission, print permission, etc. And rendering a PDF on a web page is very simple.
I'm trying to build a basic web application using the Dropbox API. I have the file upload/folder listing etc. working but cannot find in the documentation how to force the file to download to the user's browser. Is this possible?
If it is can someone point me in the right direction? I'm using the standard PHP SDK.
Dropbox.com: How do I force a file to download from the web
Force a file or folder to download
To cause the browser to download a file or folder rather than display
it, you can use dl=1 as a query parameter in your URL. For example:
https://www.dropbox.com/s/qmocfrco2t0d28o/Fluffbeast.docx?dl=1 Note
that the original share link URL may contain query string parameters
already (e.g. dl=0), so app developers should make sure to properly
parse the URL and add or modify parameters as needed.
And if that doesn't suffice you can check Wikihow: How to Force a File to Download from the Web on Dropbox, with nice screenshots.
If this is not what you had in mind you have clarified that in your question. You still can do that now.
There are different user for my website, and for each user there are separate PDF files, I want to give users privilege to download their files(but should not see the files of others users). Now I have created a login and I have the user-id in SESSION (I am using PHP for backend). So what is the secure way of accomplishing this task? Also how should I manage many of these PDFs on my server? (currently I have kept all the PDFs in one folder, but this seems insecure and I think these can easily be extracted by the un-authenticated user)
At a high level:
Store your PDFs outside of your webserver document root. Make them completely inaccessible to direct browser access.
Write a PHP script to handle download requests. This PHP page can check the session user ID to ensure the user is requesting a file that they are allowed to access.
Use header() calls and readfile() to then send the appropriate PDF file to the user.
Feel free to come back and post a question when you've researched and worked on this, and have a specific question with code.
I'm working with a 3rd party API that allows me to upload a file to its database. This file has an specific format, but it's plain text.
What I want to do, is generate the text by myself with a PHP script on my own site and upload it to it's server like a file.
The catch is: I want to do this without have to save a temporary file on my own server and if possible, avoiding the use of cURL.
Thanks in advance.
file_put_contents('http://...', $your_text_file);
However, if the API has http basic auth on it, you'll ned to us a stream context to set all that up.
I have a program I wrote that when it has an error, it saves infomation of the error in a zip file in their TEMP directory, and then opens their browser to my PHP file.
I want the PHP file to automatically go to a specific location (their temp zip) that will be passed via HTTP POST arguments and attach the zip folder to an email to myself. It should be noted that my mail() command is connected to an google SMTP server.
Can this be done?
If not, what do you suggest as an alternative. I suppose I could pass the binary data as a HTTP Post and then have PHP recreate the zip? All ideas are welcomed.
I'm not sure you can do that via the browser - no browser can upload a file without users' consent - that's insecure and hence it is not allowed.
You could rather try making a connection to the server, not open the web page on your server, from your software and upload the file that way - cURL would be the method of choice I think - it has plenty of implementations in most programming languages so it shouldn't be a problem. Just try searching for "upload a file with curl" on google.