Hiding Download Link in PHP
Hello all!
Thanks for taking a look. I am working on a site that hosts some PDF docs in a secure environment. I have the security bit down, but I am having an issue.
I need to be able to hide the download link so that the user can't copy and paste the link into a browser window and change some characters and potentially end up with someone else's info.
example: www.mysite.com/docs/customerID1234/doc.pdf
I don't want the user to be able to change the "1234" into something else and have access to other content.
Note: There is already a login system in place, and this link would be behind it in a secure environment. I don't want authroized users to phish around. This is on an Apache server.
Thanks everyone!
ike1492
Thanks for taking a look. I am working on a site that hosts some PDF docs in a secure environment. I have the security bit down, but I am having an issue.
I need to be able to hide the download link so that the user can't copy and paste the link into a browser window and change some characters and potentially end up with someone else's info.
example: www.mysite.com/docs/customerID1234/doc.pdf
I don't want the user to be able to change the "1234" into something else and have access to other content.
Note: There is already a login system in place, and this link would be behind it in a secure environment. I don't want authroized users to phish around. This is on an Apache server.
Thanks everyone!
ike1492
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
View Source won't show the URL, as there is no "Source" to show - you've declared the headers as a PDF, so HTML source won't exist after that point.
The URL in the browser window will be www.mysite.com/download_my_doc.php
They would need to change the cust_id in the session, which is possible but a lot harder than changing a visible URL - be careful though, as if you're sending it to the php script on the querystring, then you're no better off (you don't want ...download_my_doc.php?cus
Plus, I forgot a little bit... you need readfile($file) as the last line. That's the bit which actually outputs the file content. Doh!
header('Accept-Ranges: bytes');
readfile($file);
?>
The URL in the browser window will be www.mysite.com/download_my_doc.php
They would need to change the cust_id in the session, which is possible but a lot harder than changing a visible URL - be careful though, as if you're sending it to the php script on the querystring, then you're no better off (you don't want ...download_my_doc.php?cus
Plus, I forgot a little bit... you need readfile($file) as the last line. That's the bit which actually outputs the file content. Doh!
header('Accept-Ranges: bytes');
readfile($file);
?>
JavaScript
JavaScript is a dynamic, object-based language commonly used for client-side scripting in web browsers. Recently, server side JavaScript frameworks have also emerged. JavaScript runs on nearly every operating system and in almost every mainstream web browser.
127K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
On mobile right now and can't try the code - thanks again!
Wait, I see it. PERFECT!!! - Thanks!