Hi there,
I have a link on my web page. When clicked, opens up a pdf file that is
stored on my server. Every file is specific to a user's user name and I
don't want users to see each other's files.
For example:
When User1 clicks on the link, it opens up http://mydomain.com/files/user1.pdf
and when User2 clicks on the link, it opens up http://mydomain.com/files/user2.pdf.
So, if User1 knows about User2, he can see User2's pdf file.
How can I make the file open up in a different window without the file
path in the address bar?
Thanks,
Usman 6  2016 
>I have a link on my web page. When clicked, opens up a pdf file that is stored on my server. Every file is specific to a user's user name and I
don't want users to see each other's files.
For example:
When User1 clicks on the link, it opens up
http://mydomain.com/files/user1.pdf
and when User2 clicks on the link, it opens up
http://mydomain.com/files/user2.pdf.
So, if User1 knows about User2, he can see User2's pdf file.
How can I make the file open up in a different window without the file
path in the address bar?
Make sure that there is *NO* URL that can be used to obtain
the file for a user unless the person is logged in as that user.
Provide one URL that can be used by a user to get their own file.
Write a PHP script, say, pdf.php, which does the following:
1. Determines if the user is logged in, if not, rejects the request.
2. Opens the .pdf file (located *outside* the web server document root)
for the logged in user, using the username as part of the path
name somehow. Or, it could generate the pdf file on the fly.
3. Outputs a content-type header for a pdf file.
4. Calls fpassthru() on the file opened in #2.
The user clicks on a link to pdf.php, and they get *their* pdf file.
Gordon L. Burditt
Thanks Gordon,
Your solution totally makes sense. Once I know the user is logged in, I
determine what is his file name. Then I open a file stream to that
file, and using fpassthru() spit it out.
I can totally see how to implement this. However, I was wondering if
there is a PHP function that takes a file name (located on the server)
as input, and pops up a window with the PDF file in it. Or even prompts
the user to save the file. This way, there is no URL in the story. And
hence, no privacy issues.
I would appreciate any idea.
Thanks.
Usman
Gordon Burditt wrote: I have a link on my web page. When clicked, opens up a pdf file that is
stored on my server. Every file is specific to a user's user name and I
don't want users to see each other's files.
For example:
When User1 clicks on the link, it opens up
http://mydomain.com/files/user1.pdf
and when User2 clicks on the link, it opens up
http://mydomain.com/files/user2.pdf.
So, if User1 knows about User2, he can see User2's pdf file.
How can I make the file open up in a different window without the file
path in the address bar?
Make sure that there is *NO* URL that can be used to obtain
the file for a user unless the person is logged in as that user.
Provide one URL that can be used by a user to get their own file.
Write a PHP script, say, pdf.php, which does the following:
1. Determines if the user is logged in, if not, rejects the request.
2. Opens the .pdf file (located *outside* the web server document root)
for the logged in user, using the username as part of the path
name somehow. Or, it could generate the pdf file on the fly.
3. Outputs a content-type header for a pdf file.
4. Calls fpassthru() on the file opened in #2.
The user clicks on a link to pdf.php, and they get *their* pdf file.
Gordon L. Burditt
>Your solution totally makes sense. Once I know the user is logged in, I determine what is his file name. Then I open a file stream to that
file, and using fpassthru() spit it out.
You do this in a .php file which as far as the user is concerned
*is* the pdf file. And you can put in as many security checks
as you like before delivering the file.
I can totally see how to implement this. However, I was wondering if
there is a PHP function that takes a file name (located on the server)
*OUTSIDE THE DOCUMENT TREE*as input, and pops up a window with the PDF file in it.
It's not that hard to do using a combination of fopen(), fpassthru(),
(inside the script I suggested) and outputting some HTML that points
at the script I suggested.
Or even prompts
If you want to pop up a window, that requires HTML. Or Javascript,
which is Turned Off(tm). And as far as I know, either requires a
URL for what to put *in* the window. That's where the script I
suggested comes in. I consider popping up a window to be obnoxious
behavior so I don't remember how to do it.
the user to save the file. This way, there is no URL in the story. And
hence, no privacy issues.
The URL to the PHP script I suggested gives the user his *own* pdf
file. It's like the "View my Statement" link on my bank's website.
It's the same link for every user (but delivers different info),
and it gives an error message to those not logged in. Publish it
to the world: if your login system has decent security, it's not
a problem. If your login system does not have decent security,
you're in deep trouble anyway.
Since the .pdf files for individual users are outside the document
tree, you can make those paths public, too, since nobody can
access them. Nobody will see the paths when they access the
files in the normal way. However, making the paths public provides
a specific target for someone hacking your system or sending you
a virus, so I suggest not making them public. There's no innocent
use of those paths directly by users anyway.
Gordon Burditt wrote: >I have a link on my web page. When clicked, opens up a pdf file that is
>stored on my server. Every file is specific to a user's user name and I
>don't want users to see each other's files.
>For example:
>When User1 clicks on the link, it opens up
>http://mydomain.com/files/user1.pdf
>and when User2 clicks on the link, it opens up
>http://mydomain.com/files/user2.pdf.
>
>So, if User1 knows about User2, he can see User2's pdf file.
>
>How can I make the file open up in a different window without the file
>path in the address bar?
Make sure that there is *NO* URL that can be used to obtain
the file for a user unless the person is logged in as that user.
Provide one URL that can be used by a user to get their own file.
Write a PHP script, say, pdf.php, which does the following:
1. Determines if the user is logged in, if not, rejects the request.
2. Opens the .pdf file (located *outside* the web server document root)
for the logged in user, using the username as part of the path
name somehow. Or, it could generate the pdf file on the fly.
3. Outputs a content-type header for a pdf file.
4. Calls fpassthru() on the file opened in #2.
The user clicks on a link to pdf.php, and they get *their* pdf file.
Gordon L. Burditt
Ozz schrieb: Hi there,
I posted an alternative suggestion in alt.php. Please, if you post the
same question to several newsgroups, do crosspost (post it to all groups
at once) and not multipost (post it to each group separately)!
Multiposting makes people answer questions already answered in another
group, and thus is considered as wasting people's time.
--
Markus
Markus Ernst wrote: Ozz schrieb: Hi there,
I posted an alternative suggestion in alt.php. Please, if you post the
same question to several newsgroups, do crosspost (post it to all groups
at once) and not multipost (post it to each group separately)!
Multiposting makes people answer questions already answered in another
group, and thus is considered as wasting people's time.
--
Markus
I believe htacces could help you to force them to download, but still
user.pdf would appear in the browser's history ...
Frizzle.
Thanks for pointing out Markus,
I wasn't aware of cross-posting. It sounds like an appropriate thing to
do. Will do it properly next time.
Cheers,
Usman
Markus Ernst wrote: Ozz schrieb: Hi there,
I posted an alternative suggestion in alt.php. Please, if you post the
same question to several newsgroups, do crosspost (post it to all groups
at once) and not multipost (post it to each group separately)!
Multiposting makes people answer questions already answered in another
group, and thus is considered as wasting people's time.
--
Markus This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Dino |
last post by:
dear all,
i've created an application for a customer where the customer can upload
..csv-files into a specified ftp-directory. on the server, a php-script,
triggered by a cronjob, reads all the...
|
by: o'seally |
last post by:
solaris/linux admins/rookie_developers that battle with this error are
probably all frustrated when it happens. i bet you're also somehow
frustrated by this seemingly unsolvable error :-) ...take...
|
by: j erickson |
last post by:
with the following xsl and xml file, the display of the gif file with
the <image/url> tag works. However, the gif file in the <description>
tag using the name attribute "src" won't make the correct...
|
by: sparks |
last post by:
I have never done this and wanted to ask people who have what is the
best way.
One person said import it to excel, then import it into access table.
but since this will be done a lot, I am...
|
by: Todd Acheson |
last post by:
I'm having a small problem with uploading files in ASP.NET.
My html page for uploading has something similar to:
<form id="Form1" method="post" enctype="multipart/form-data" runat="server">...
|
by: Jim Michaels |
last post by:
after a file upload, $_FILES is not populated but $_POST is. what's going
on here?
$_POST=C
$_POST=C
$_POST=C
$_POST=C:\\www\\jimm\\images\\bg1.jpg
$_FILES=
$_FILES=
$_FILES=
|
by: Daniel Padron |
last post by:
Ok. Maybe I shouldnt post such basic questions here in such an advanced
group but my high school programming teacher wont answer any questions
outside of his curriculum :(
My goal is create a...
|
by: ADezii |
last post by:
Rather than using CurrentProject.Connection or entering your own Connection information, ADO supports storing Connection information in an external file called a Data Link File (which normally has a...
|
by: =?Utf-8?B?YzY3NjIyOA==?= |
last post by:
Hi all,
I cut and paste the following code from msdn help page which it just
introduces view and multiview server controls.
Here is what I do:
in vs studio 2005, File --New Web Site, it...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
