All geek questions in one place

How to password protect downloadable pdf files on a website

I have a personal portfolio, and I have some pdf files, for example

<a href="file.pdf">Some file</a>

I don’t want everyone to upload the file, and I want it to protect it with a password so that I can only share it with people I know.

where only the one who gives the correct password can upload my file

Note: 1. from his personal portfolio of the website he does not have any “INPUTS”
2. I designed the HTML web page as responsive code.

Your suggestions, please, in any way do this without .htaccess

+4
source share
4 answers

Use MySQL or MySQLite - depending on your preference - and save the link to the PDF in the database. Then use a script like download.php. Save the password for the file in the database and ask the user to enter it before downloading the file. If you are not familiar with databases, you CAN do all this in PHP.

VERY rough layout (without a database, if you are familiar with dbs, adjust accordingly)

HTML form

 <form name="download" id="download" method="post" action="download.php"> <input type="password" id="password" name="password" /> <input type="submit" id="submit" value="Download" /> </form>

PHP (download.php)

 <?php // Get the password $pw = md5($_POST['password']); // Compare against the stored password $valid_pw = md5("your password you want to use"); if($pw != $valid_pw){ echo "Error! You do not have access to this file"; }else{ header("Location: /path/to/your/file.pdf"); } ?>

NOTES:

I used an extremely simple password encryption method. I would research the best methods if this was my application, but for brevity and ease of understanding, I used a simple comparison of the md5() hashes.

+1
source

You need to use the php file to submit the file where the PDF files are stored in the NON PUBLIC folder.

For example, place your pdf files in a public directory, say: / home / pdfs /

And your PHP script in the public directory is accessable, say: / home / public_html /

Inside the script in the public directory, put:

 if (isset($_GET('password')) { die('wrong password'); } if ($_GET['password'] != 'mypass') { die('wrong password'); } $file="/home/pdfs/test.pdf"; header("Pragma: public"); header('Content-disposition: attachment; filename='.$file); header("Content-type: ".mime_content_type($file)); header('Content-Transfer-Encoding: binary'); ob_clean(); flush(); readfile($file);

Use GET values ​​to determine the file you are downloading, but for better security, allow .pdf extensions, delete all other periods and slashes so that they cannot move through your server directories and receive important security files containing passwords, etc. !!! To be even safer, still name your pdf files with the characters az 0-9 and - or _

And then when you want to download the file, return the URL in the script above and make sure the pdf file exists in the public directory.

+4
source

Follow @ rsmith84's tips , but make sure you block access to the folder:

Apache .htaccess

 Deny from all

IIS file web.config

 <system.webServer> <security> <authorization> <remove users="*" roles="" verbs="" /> <add accessType="Allow" roles="Administrators" /> </authorization> </security> </system.webServer>

Then let delivery be possible only with a PHP file. Check the user, and then run readfile('/protectd/file/path') from the protected folder.

+3
source

Create a php file, say, download.php and move on to this file.
You can check the correct password there, and if it is correct, you can write the contents of the PDF file in response.

+2
source

Source: https://habr.com/ru/post/1443081/

More articles:


All Articles