Hide files from non-members

On 16 Feb, 11:33, n...@spray.se wrote:

Hello!
I'm trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf's are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly to prohibit other non-
members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel

Read the file's contents and send it to the terminal with the correct
headers. No need to write a temp file at all.
You will use similar code to this, replacing the database with your
"hidden" files.
Also rather than using .htaccess to deny access, just hold the files
in a directory that isn't in the http root structure.

On 16 Feb, 11:52, "Captain Paralytic" <paul_laut...@yahoo.comwrote:

On 16 Feb, 11:33, n...@spray.se wrote:

Hello!
I'm trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf's are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly to prohibit other non-
members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel

Read the file's contents and send it to the terminal with the correct
headers. No need to write a temp file at all.
You will use similar code to this, replacing the database with your
"hidden" files.
Also rather than using .htaccess to deny access, just hold the files
in a directory that isn't in the http root structure.

Oops, missed the link!

http://www.onlamp.com/pub/a/onlamp/2...09/webdb2.html

no***@spray.se wrote:

Hello!
I'm trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf's are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly

Hi,

But how do you know when the user is finished downloading the pdf with the
random filename?

to prohibit other non-

members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel

It might be easier to just place the files in a directory with 'deny from
all' in the .htaccess (as you already did), and read the file with PHP.
Then let PHP deliver its content to the browser.

Have a look at the filefunctions at php.net.
Here is the function file_get_contents():
http://nl2.php.net/manual/en/functio...t-contents.php

(I have wondered why that function isn't named file_get_content() instead of
the plural form...)

If you let PHP deliver the PDF, make sure PHP sets the right header for the
mimetype (not text/html, but application/pdf)
In that way you can simply refuse the execute the downloadscript if the user
is not logged in.

Regards,
Erwin Moller

On 16 Feb, 13:00, Erwin Moller
<since_humans_read_this_I_am_spammed_too_m...@spam yourself.comwrote:

n...@spray.se wrote:

Hello!
I'm trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf's are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly

Hi,

But how do you know when the user is finished downloading the pdf with the
random filename?

to prohibit other non-

members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel

It might be easier to just place the files in a directory with 'deny from
all' in the .htaccess (as you already did), and read the file with PHP.
Then let PHP deliver its content to the browser.

Have a look at the filefunctions at php.net.
Here is the function file_get_contents():http://nl2.php.net/manual/en/functio...t-contents.php

(I have wondered why that function isn't named file_get_content() instead of
the plural form...)

If you let PHP deliver the PDF, make sure PHP sets the right header for the
mimetype (not text/html, but application/pdf)

In that way you can simply refuse the execute the downloadscript if the user
is not logged in.

Regards,
Erwin Moller

Thank you for fast answer

I tried and it worked, i just did like this:

$str_pdf = file_get_contents("$pathtopdf");
echo $str_pdf;

Is this right? How can I set the right header?
When I did this the pdf-file that I downloaded got the same name as
the php-file that the script is in, how can I rename it to something
else?

On 16 Feb, 12:52, n...@spray.se wrote:

On 16 Feb, 13:00, Erwin Moller

<since_humans_read_this_I_am_spammed_too_m...@spam yourself.comwrote:

n...@spray.se wrote:

Hello!
I'm trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf's are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly

Hi,

But how do you know when the user is finished downloading the pdf with the
random filename?

to prohibit other non-

members to find it? How can I do this?
Maybe someone have another totally different solution to secure files?
Regards
/Samuel

It might be easier to just place the files in a directory with 'deny from
all' in the .htaccess (as you already did), and read the file with PHP.
Then let PHP deliver its content to the browser.

Have a look at the filefunctions at php.net.
Here is the function file_get_contents():http://nl2.php.net/manual/en/functio...t-contents.php

(I have wondered why that function isn't named file_get_content() instead of
the plural form...)

If you let PHP deliver the PDF, make sure PHP sets the right header for the
mimetype (not text/html, but application/pdf)

In that way you can simply refuse the execute the downloadscript if the user
is not logged in.

Regards,
Erwin Moller

Thank you for fast answer

I tried and it worked, i just did like this:

$str_pdf = file_get_contents("$pathtopdf");
echo $str_pdf;

Is this right? How can I set the right header?
When I did this the pdf-file that I downloaded got the same name as
the php-file that the script is in, how can I rename it to something
else?- Hide quoted text -

- Show quoted text -

Look a tmy answer to you. I gave you a link to a page that told you
how to do it!

Captain Paralytic wrote:

On 16 Feb, 12:52, n...@spray.se wrote:

>On 16 Feb, 13:00, Erwin Moller

<since_humans_read_this_I_am_spammed_too_m...@spa myourself.comwrote:

n...@spray.se wrote:
Hello!
I'm trying to secure pdf-files from users that are not logged in on a
site.
What I have tried now is to make a .htaccess file in the directory
where the pdf's are with "deny from all" which stops everyone from
downloading them. Then in the member-area when a user wants to
download a pdf a php-script copies the pdf-file from the secured-
folder to a temp-folder and renames it to some random file-name that
the user can download. Then when the user are ready with the download
I want the temp-file to be deleted automaticly

Hi,

But how do you know when the user is finished downloading the pdf with
the random filename?

to prohibit other non-

members to find it? How can I do this?
Maybe someone have another totally different solution to secure
files? Regards
/Samuel

It might be easier to just place the files in a directory with 'deny
from all' in the .htaccess (as you already did), and read the file with
PHP. Then let PHP deliver its content to the browser.

Have a look at the filefunctions at php.net.
Here is the function

file_get_contents():http://nl2.php.net/manual/en/functio...t-contents.php

>>

(I have wondered why that function isn't named file_get_content()
instead of the plural form...)

If you let PHP deliver the PDF, make sure PHP sets the right header for
the mimetype (not text/html, but application/pdf)

In that way you can simply refuse the execute the downloadscript if the
user is not logged in.

Regards,
Erwin Moller

Thank you for fast answer

I tried and it worked, i just did like this:

$str_pdf = file_get_contents("$pathtopdf");
echo $str_pdf;

Is this right? How can I set the right header?
When I did this the pdf-file that I downloaded got the same name as
the php-file that the script is in, how can I rename it to something
else?- Hide quoted text -

- Show quoted text -

Look a tmy answer to you. I gave you a link to a page that told you
how to do it!

Yup. I second that.
I just scanned through it, and it looks like a good resource.
Of course it is: It is from O'Reilly. ;-)

Good luck/happy coding.

Regards,
Erwin Moller

>>- Show quoted text -

>Look a tmy answer to you. I gave you a link to a page that told you
how to do it!

Yup. I second that.
I just scanned through it, and it looks like a good resource.
Of course it is: It is from O'Reilly. ;-)

Just because you can store images in a db doesn't make it a good idea.
Just use http://www.php.net/manual/en/function.readfile.php (check the
example in the comments)

--
Arjen
http://www.hondenpage.com - Mijn site over honden

On 20 Feb, 09:29, Arjen <d...@mail.mewrote:

Just because you can store images in a db doesn't make it a good idea.

That is true, but it happens to be a good idea anyway!

Captain Paralytic schreef:

On 20 Feb, 09:29, Arjen <d...@mail.mewrote:

>Just because you can store images in a db doesn't make it a good idea.

That is true, but it happens to be a good idea anyway!

Why .. in what situation would bad performance be a good idea ?

--
Arjen
http://www.hondenpage.com - Mijn site over honden

On 20 Feb, 10:56, Arjen <d...@mail.mewrote:

Captain Paralytic schreef:
Why .. in what situation would bad performance be a good idea ?

You have evidence for the statement about bad performance?

Jerry Stuckle has provided lots of evidence for good performance and
ease of management of files/images in databases. I too have found that
the performance is excellent.

Arjen wrote:

Captain Paralytic schreef:

>On 20 Feb, 09:29, Arjen <d...@mail.mewrote:

>>Just because you can store images in a db doesn't make it a good idea.

That is true, but it happens to be a good idea anyway!

Why .. in what situation would bad performance be a good idea ?

Never of course. Unless it gives some other benefit, like ease of migration.

But when you migrate having a database is a little less headache, because
you don't have to worry about the new path, permissions, etc.

(I also never store files (images, documents) in a database, but just the
reference/filename.)

Regards,
Erwin Moller

Captain Paralytic schreef:

On 20 Feb, 10:56, Arjen <d...@mail.mewrote:

>Captain Paralytic schreef:
Why .. in what situation would bad performance be a good idea ?

You have evidence for the statement about bad performance?

Jerry Stuckle has provided lots of evidence for good performance and
ease of management of files/images in databases. I too have found that
the performance is excellent.

Ill test it tomorrow. Right now im inserting 100k pics into a db :-)

--
Arjen
http://www.hondenpage.com - Mijn site over honden

Arjen schreef:

Captain Paralytic schreef:

>On 20 Feb, 10:56, Arjen <d...@mail.mewrote:

>>Captain Paralytic schreef:
Why .. in what situation would bad performance be a good idea ?

You have evidence for the statement about bad performance?

Jerry Stuckle has provided lots of evidence for good performance and
ease of management of files/images in databases. I too have found that
the performance is excellent.

Ill test it tomorrow. Right now im inserting 100k pics into a db :-)

I uploaded 10k (not 100k) pics to my db. On average a page with 100
generated images from a blob entry took 4 secs to load. 100 random
images (varchar 255) took 0.4 secs to load.

--
Arjen
http://www.hondenpage.com - Mijn site over honden