Need Help Protecting PDF Files

I created a member's area to my site where someone would go in, sign up and pay for a subscription to a newsletter which is in pdf format. Works fine.

The problem is, this was written in php and I am stumped as to how to protect the pdf newsletter from non-members. If someone were to pass the URL of the pdf file to someone else, they are able to view it without entering a password.

I am not using .htpasswd since php already controls the members' sign in.

Any ideas?

Thanks!

 

There is no way of controling the distribution of the copy, sorry to tell you.

Hold the phone, you may be able to use a php page that streams the content, but sends out a header telling the browser to open the stream in adobe. Haven't done it, but it a though.

 

can you password protect the directory where the pdf file is in so that when punters type in the url directly, they are asked for user and pass.

just a thought, I am no expert on the subject.

 

I believe this may be what you're after...


http://www.siliconrealms.com/ebook.shtml

 

Thanks for the quick replies.

I'm not a php expert but I found this. Sounds like what you mentioned. Am I on the right track?

<?
if($paystatus == paid)
{
// You may force a PDF file by sending proper HTTP headers to the users
// client (such as their browser) so for example let's say we have a file
// named original.pdf and we want to force the user to download it and for
// fun we'll rename it downloaded.pdf:
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');
?>

 

Using .htpasswd is an option but I'm concerned about 2 things (but it may be that I don't have a choice) I already use php to get the members to sign in. If I password protected the pdf folder they'd have to enter another password.

Also, I'm not sure how to automate signup to add the new users into the .htpaswd file. It sounds like I'd have to do it manually.

Thanks again.
Tom

 

If anyone knows how to do this, I'd appreciate your help!

Thanks,
Tom

 

save the pdf files in your home directory..

when the logged in user requests the pdf file, make the php script read the pdf file, set the File-type header to application/pdf and then echo the pdf script on the php page.

This will display the pdf file to the users, while preventing non logged in users from reading them.

This isn't full proof, for e.g someone downloading the file.

If you want further help, pm me.

 

Thanks! I'll try it.

 

A 100% secure way to do it would be to use fpdf (free). This is a library to dynamically create pdf files (it can also pull in existing pdf files and merge them with a new file).

You can do all the standard user validation with php at the top of the page and output either an error message if the user is not logged in or output the pdf file if everything is OK.

Make sure you delete the pdf file from its temp directory at the end of the script.

 

Thanks! I'll check it out.