|
|
Welcome to the Computer Webmaster Gaming Console Graphics Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact us. |
| |||||||
| PHP PHP for some can be one of the hardest website programming codes, so do you need help on your PHP script, if it is php4, php5 or lower this is the place for you for any PHP help. |
 |
| | LinkBack | Thread Tools | Display Modes |
05-20-2007, 5:33 PM
| #1 | ||
 |
Hello all. I have a client who wants to be able to restrict access to a PDF file to a specific user. They want a control panel where they can create a user with username/password and upload the PDF. So far so good. But what is the best way to restrict access to the PDF ? I was thinking of storing it above the root so that it was not in the public domain, when the user requests it, prompt for username/password and then copy the file with a random filename to a public place. Then delete is straight afterwards. There has to be a better way though ? thanks Zoe | ||
      |
| Advertisements |
|
05-20-2007, 5:33 PM
| #2 | ||
| |
"Zoe Brown" <zoenaomibrown@N-O-S-P-A-A-Mtesco.net> wrote in message news:kN%0i.1430$7l6.542@newsfe7-win.ntli.net... > Hello all. > > I have a client who wants to be able to restrict access to a PDF file to a > specific user. They want a control panel where they can create a user with > username/password and upload the PDF. So far so good. > > But what is the best way to restrict access to the PDF ? I was thinking of > storing it above the root so that it was not in the public domain, when the > user requests it, prompt for username/password and then copy the file with a > random filename to a public place. Then delete is straight afterwards. > > There has to be a better way though ? > > thanks > > Zoe > > What type of access? File system; php script; web? Vince | ||
| |
|
05-20-2007, 5:33 PM
| #3 | ||
| |
"Vince Morgan" <vinharAtHereoptusnet.com.au> wrote in message news:46448baa$0$28584$afc38c87@news.optusnet.com.a u... > "Zoe Brown" <zoenaomibrown@N-O-S-P-A-A-Mtesco.net> wrote in message > news:kN%0i.1430$7l6.542@newsfe7-win.ntli.net... >> Hello all. >> >> I have a client who wants to be able to restrict access to a PDF file to >> a >> specific user. They want a control panel where they can create a user > with >> username/password and upload the PDF. So far so good. >> >> But what is the best way to restrict access to the PDF ? I was thinking > of >> storing it above the root so that it was not in the public domain, when > the >> user requests it, prompt for username/password and then copy the file >> with > a >> random filename to a public place. Then delete is straight afterwards. >> >> There has to be a better way though ? >> >> thanks >> >> Zoe >> >> > What type of access? File system; php script; web? > Vince Would be via a link, so PHP. I am looking at .htaccess now though - do you think this would be better ? > | ||
| |
|
05-20-2007, 5:33 PM
| #4 | ||
| |
On Fri, 11 May 2007 15:16:32 GMT, in alt.php "Zoe Brown" <zoenaomibrown@N-O-S-P-A-A-Mtesco.net> <kN%0i.1430$7l6.542@newsfe7-win.ntli.net> wrote: >| Hello all. >| >| I have a client who wants to be able to restrict access to a PDF file to a >| specific user. They want a control panel where they can create a user with >| username/password and upload the PDF. So far so good. >| >| But what is the best way to restrict access to the PDF ? I was thinking of >| storing it above the root so that it was not in the public domain, when the >| user requests it, prompt for username/password and then copy the file with a >| random filename to a public place. Then delete is straight afterwards. >| >| There has to be a better way though ? >| >| thanks >| >| Zoe Thinking outside the square - why not password protect the PDF file itself? The average user will not be able to open the file without the correct password and there fore will not be able to view it. Then it doesn't matter where the file is stored. --------------------------------------------------------------- jnorthau@yourpantsyahoo.com.au : Remove your pants to reply --------------------------------------------------------------- | ||
| |
|
05-20-2007, 5:33 PM
| #5 | ||
| |
"Zoe Brown" <zoenaomibrown@N-O-S-P-A-A-Mtesco.net> wrote in message news:kN%0i.1430$7l6.542@newsfe7-win.ntli.net... > Hello all. > > I have a client who wants to be able to restrict access to a PDF file to a > specific user. They want a control panel where they can create a user with > username/password and upload the PDF. So far so good. > > But what is the best way to restrict access to the PDF ? I was thinking of > storing it above the root so that it was not in the public domain, when the > user requests it, prompt for username/password and then copy the file with a > random filename to a public place. Then delete is straight afterwards. > > There has to be a better way though ? > > thanks > > Zoe > > I've seen PHP programs like PHPBB that do a good job of managing permissions, but not quite what you would need. If you just needed to control access to a few people it could be simple, but if you are trying to manage people that may subscribe/unsubscribe over time then there's a lot more to worry about. Depending on what resources you had access to, it may be easier setting up the permission on your web server or the .htaccess file. If you had limited access and/or needed something more complex you may be able to find a publicly available PHP/MySQL authentication solution you can download and install or can build you own. Tom -- Newsguy.com - Express Accounts - 30 GB $9.95 / month | ||
| |
|
05-20-2007, 5:33 PM
| #6 | ||
| |
"Jeff North" <jnorthau@yahoo.com.au> wrote in message news:lv69435eo8sh1a92tsg5o1rkkn8t5holld@4ax.com... > On Fri, 11 May 2007 15:16:32 GMT, in alt.php "Zoe Brown" > <zoenaomibrown@N-O-S-P-A-A-Mtesco.net> > <kN%0i.1430$7l6.542@newsfe7-win.ntli.net> wrote: > >>| Hello all. >>| >>| I have a client who wants to be able to restrict access to a PDF file to >>a >>| specific user. They want a control panel where they can create a user >>with >>| username/password and upload the PDF. So far so good. >>| >>| But what is the best way to restrict access to the PDF ? I was thinking >>of >>| storing it above the root so that it was not in the public domain, when >>the >>| user requests it, prompt for username/password and then copy the file >>with a >>| random filename to a public place. Then delete is straight afterwards. >>| >>| There has to be a better way though ? >>| >>| thanks >>| >>| Zoe > > > Thinking outside the square - why not password protect the PDF file > itself? The average user will not be able to open the file without the > correct password and there fore will not be able to view it. Then it > doesn't matter where the file is stored. because the PDF file is not owned by the client, they want to upload a file (that they source from elsewhere) and just press a few buttons, they dont want to open and edit the file. So everyting needs to be done in php. | ||
| |
|
05-20-2007, 5:33 PM
| #7 | ||
| |
> I've seen PHP programs like PHPBB that do a good job of managing > permissions, but not quite what you would need. If you just needed to > control access to a few people it could be simple, but if you are trying > to > manage people that may subscribe/unsubscribe over time then there's a lot > more to worry about. > > Depending on what resources you had access to, it may be easier setting up > the permission on your web server or the .htaccess file. If you had > limited > access and/or needed something more complex you may be able to find a > publicly available PHP/MySQL authentication solution you can download and > install or can build you own. Thanks, I think I have decided to go down the .htaccess route. This will mean that the user will have to enter a username and/or password which will give them access to their link (they need to access the pdf via the website) and then once they access the file they will be prompted by the sever for username/password again. I think my client will live with this. | ||
| |
|
05-20-2007, 5:33 PM
| #8 | ||
| |
"Zoe Brown" <zoenaomibrown@N-O-S-P-A-A-Mtesco.net> wrote in news:H831i.3223$o42.590@newsfe3-win.ntli.net: > Thanks, I think I have decided to go down the .htaccess route. This > will mean that the user will have to enter a username and/or password > which will give them access to their link (they need to access the pdf > via the website) and then once they access the file they will be > prompted by the sever for username/password again. I think my client > will live with this. Sure, they may live with it, but you must recognize its far from ideal. A username+password system is good, but two systems? For retrieving one file? It sounds to me like you are forcing your user to deal with this problem instead of tackling it yourself on the programming side. Storing the file above the www root and streaming it via PHP is the best solution for what your client wants... when your system "gets" the PDF via PHP upload, store it in a folder above 'www' and keep the info in a database 'files' table (the file name, the real location on the server, and a bunch of random characters to serve as a key instead of using an auto-increment ID). Then, you have a file called "streamFile.php".... your user clicks on the link "streamFile.php?key=3197fhduabsd", and your script looks up the file according to the key, then uses readfile(); or a custom function to stream the file to the browser.... Or, you could go with .htaccess entirely. But using a combo of ..htaccess, sessions and databases to control user access is more often a headache than not. And asking people to enter a username/password more than once is incredibly annoying and bad user interface design. Good luck! | ||
| |
|
05-20-2007, 5:33 PM
| #9 | ||
| |
In article <3201i.6866$eY1.1099@newsfe2-win.ntli.net>, Zoe Brown wrote: > >> I have a client who wants to be able to restrict access to a PDF file to > >> a specific user. I think you're right. You don't need to put them in the root, just "above" the html directory. Then you can validate your user & give 'em the file, or not. Mark | ||
| |
|
05-20-2007, 5:33 PM
| #10 | ||
| |
> Then, you have a file called "streamFile.php".... your user clicks on > the link "streamFile.php?key=3197fhduabsd", and your script looks up the > file according to the key, then uses readfile(); or a custom function to > stream the file to the browser.... great, can you tell me a bit more about streaming the file to the browser, would this work for pdfs ? i presume this wont mean that they will abel to rightclick and download though ? but isn't you approach just as risky as having the pdf file in the public domain with a random name. > Or, you could go with .htaccess entirely. But using a combo of > .htaccess, sessions and databases to control user access is more often a > headache than not. And asking people to enter a username/password more > than once is incredibly annoying and bad user interface design. Thanks for your input, I agree 100%. I thought that the .htaccess thing was the right way forward but am now reconsidering. Thanks again. | ||
| |
| Featured Websites | ||||
|
|
| Tags: access, restricted |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ms access | theseeric | Database | 1 | 08-02-2006 12:41 AM |
| Featured Websites | ||||
|
restricted access 
PacMan
Linear Mode
