NYCPHP Meetup

NYPHP.org

[nycphp-talk] [OT] FORMS

Brian Dailey support at dailytechnology.net
Thu Jul 19 18:56:59 EDT 2007 

I shouldn't be in such a hurry. On review, use file_get_contents($file).

The point is to put the actual file in a directory that is not web 
accessible directly. This prevents people from guessing at the filename 
and pulling in your unprotected private information.

I'm not positive, but you'll probably have to set the headers to set it 
as an attachment and the mime-type pdf.

- Brian


Brian Dailey wrote:
> Feed it through a PHP page.
> 
> Something like:
> 
> <?php
>     if ($_SESSION['Auth'] === true) {
>         // set headers?
>         fread('/not/web/accessible/dir/file.pdf');
>     } else {
>         echo 'Denied, foo.';
>     }
> ?>
> 
> Nicholas Hart wrote:
>>
>> Hi,
>>
>> Anyone know a simple way to read-protect a file/library via a php 
>> login?  I have a login page which starts a session but there are 
>> certain dynamically created result files which I need to protect from 
>> potential prying eyes.
>>
>> For example, you can connect to https://www.mptf.org:75/docs/TF2.pdf 
>> but I want to find a way to test your login status before permitting 
>> you to view this file.  Let me know what you think.  Thanks!
>>
>> Regards,
>> Nicholas Hart
>>
>>
>>
>>
>> _______________________________________________
>> New York PHP Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>>
>>
> 
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
> 
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

-- 

Thanks!
- Brian Dailey
Software Developer
New York, NY
www.dailytechnology.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: support.vcf
Type: text/x-vcard
Size: 264 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070719/9cf5528c/attachment.vcf>

More information about the talk mailing list