php-file:
For members only.
1.1. echo file_get_contents(PATH) to read the pdf-file and
1.2. setting pdf-headers: header("Content-type: application/pdf");
protect the folder with the pdf-file with .htaccess (file in the folder with the pdf-file):
Order Deny,Allow
Deny from all
That needs the name of the pdf passed in as $pdf (and you may want to change the location from the pdfs folder).
I have code above that in the PDF that tests if the person is logged in before running that code.
By placing the PDFs in a password protected folder that doesn’t have a password or placing them above the public section of your hosting you prevent direct access to them so that they can then only be accessed through the PHP script.
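An added example, not part of the original posts: one way to write the gatekeeper script the posts above describe (login check first, then the PDF is read from a folder that cannot be requested directly). The session key `member_id`, the `pdf` query parameter and the `../pdfs` location are assumptions; `readfile()` is used in place of `echo file_get_contents()` so large files are streamed.

```php
<?php
declare(strict_types=1);

// Added example. Assumes a login page elsewhere sets $_SESSION['member_id'],
// and that the PDFs sit in a "pdfs" folder above the public web root.
session_start();

const PDF_DIR = __DIR__ . '/../pdfs'; // assumed location, not web-accessible

// 1. Members only: refuse anyone without a logged-in session.
if (empty($_SESSION['member_id'])) {
    http_response_code(403);
    exit('Members only.');
}

// 2. Validate the requested name against a strict allowlist pattern.
//    No slashes, backslashes or dots other than the ".pdf" suffix are accepted,
//    so the value cannot point outside the folder.
$pdf = $_GET['pdf'] ?? '';
if (!is_string($pdf) || !preg_match('/\A[A-Za-z0-9_-]{1,100}\.pdf\z/', $pdf)) {
    http_response_code(400);
    exit('Bad file name.');
}

// 3. Defence in depth: resolve symlinks and confirm the file is still
//    inside PDF_DIR before touching it.
$base = realpath(PDF_DIR);
$path = realpath(PDF_DIR . DIRECTORY_SEPARATOR . $pdf);
if ($base === false || $path === false || !is_file($path)
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    http_response_code(404);
    exit('Not found.');
}

// 4. Send the PDF headers, then stream the file.
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . $pdf . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
exit;
```

The direct-access block on the folder (`Deny from all`, or storing the files above the web root) is still required; without it the PDFs can be fetched by URL without going through this check.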
One issue I am having is that .htaccess does not seem to work on the Windows host I am working with. I don’t need high level (government top secret), but just want an area where certain members can share PDF and probably MS Word files.
If the site was on a Linux server, I know I could use .htaccess to protect the folder with those files. What can I do with an IIS server?
.htaccess has to do with Apache, not with Windows, and you can have Apache on Windows.
PDF files can be put into a directory having login access for members, or the PDF may not exist physically but a PHP script can generate it (generation can be fast using some text or some other data source), based on user authorization.
I am unable to open any file ending in php. So I feel sure that the IIS host is not providing any PHP. I always get a 404 error on a PHP file, but renaming it as .html will allow me to open the file, but it does not do anything (as I expected).
So this brings me back to the question: How to secure documents, or folders on a Windows IIS system? I suspect we could ask the host to transfer the site to a Linux server, but for my own education, I think I need to learn how to work with Windows.
You can set the PDF folder’s rights (CHMOD) to 600 (Owner only) and can put all your files there. And through a script you can call the requested PDF file for the members. Now no one else can access the folder and the files in it.
This is starting to get real interesting. I will have to wait until I get home to access the site controls and see how to set rights to 600 for a folder. I can’t seem to see the permissions with Filezilla.
Once I get that done, you say I need a script. How do I keep the average visitor from accessing the script?
For all the users who are not registered with your site, they CAN’T access any of the PDFs.
The next question is regarding the script. Yes, you can let the registered users open / download the PDF files in the secured folder. For example, maybe a PHP script that will list the PDF files on a page exclusive to the members, and then members can click any filename to download it (through a force-download script). Since the listing and force-download scripts will be running as OWNER, they can access the secured files and present them to the registered users.
I checked and the site supports FrontPage Server Extensions and nothing else. I also noticed that the only database support is Access Database Support.
I am thinking I need to get them to either move their site or upgrade it from the limited features it currently has.
To use FrontPage extensions you really need to use Expression Web as the editor to update the web pages, as it is the only editor that currently understands what FrontPage extensions are.
I tried the 90 day trial of Expression Web, and did not like it. I think I will be pushing for an upgrade to add SSI or a shift to Linux which will have PHP and Apache with that host.
What will happen with the IIS security on the PDF folder we secured if we change to Linux. Will the security be gone and I can then use .htaccess to secure the folder? I suppose we will find out if we switch to Linux.
Can you point me to some help for SSI? I need to know how to have includes, and will need to figure out how to get some scripts for the secure folder.
SSI basically can only contain HTML that is to be shared between pages. It will not add any server side scripting capability and so will not help with what you are trying to do.