Posted by keith (keith), 22 March 2005Hi,
I want to host a load of PDF files on my site and allow people to access them only via my PHP Pages (when they are logged in). How can I protect these files from being directly linked by the user? I know mod_rewrite will do it by hiding the real folder but I am looking at .htaccess protection and PHP.
If however I password protect the folder using .htaccess, I get a dialogue box requesting 'username' and 'password' to get the PDF file.
I am using
to get to the PDF file from my script.
Is there a way that PHP can access a .htaccess protected folder?
I am on a shared host, so cannot edit httpd.conf
Many thanks in advance.
Posted by admin (Graham Ellis), 22 March 2005Keith, you don't need to start "messing about" with .htaccess or anything like that - you can put the .pdf files in a totally different location to the document tree so that they don't have any URL of their own and feed them from the PHP script.
If you've got a copy of the Autumn 2004 issue of our "of course" newsletter, we use exactly this technique in the article on pages 18 and 19 that has a PHP script sending out a (random) image; if you've not got the article to hand you can download the newsletter via http://www.wellho.net/downloads/.
Posted by keith (keith), 23 March 2005Thanks Graham,
I will take a look at the article.
I'm not sure whether I can move them outside of the 'document tree' (web root I assume). As this is shared hosting
Do shared hosts normally offer space outside of the 'document tree' (web root)?
If so, maybe I should move away from our current one.
Posted by admin (Graham Ellis), 24 March 2005On all the (paid) hosting services we use, it's possible for us to keep data without our area but not in the document tree, and I think this is common practise - documents in (say) an htdocs subdiretory, CGI in a cgi-bin directory, and other directories called things like logs and private and data that can be used for purposes such as I describe. On free hosting services, you're likely to be more limited
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: email@example.com • WEB: http://www.wellho.net • SKYPE: wellho