How to Block Download PDF Files

Asked

Viewed 1,512 times

1

I’m developing an EDA platform for a client, the same has several handouts in pdf that wants to make available to the subscribers of the course, but he sells physical handouts as well, so he wants to prevent students to download the pdfs of the site, leaving them only for reading, it is possible to do this with php ?

php
  • 1

    Oops. I don’t know how to tell you exactly what you want, but I’ve already done a service that to avoid this kind of situation, we did this: when a user is going to download the pdf, We take the parent pdf and rewrite it with a privacy warning message and next to the message the user’s CPF on all pages. And in addition we put password in the . pdf which is usually the user’s CPF, thus inhibiting him from passing this. pdf to third parties or make a printed distribution.

  • the way you found it very interesting, I will seek to know how to do and apply to see if it all right too, thank you

1 answer

2

http://www.botecodigital.info/php/protegendo-arquivos-de-download-com-login/

Take a look at this link, I think it might help.

index php.

<?php
  session_start();
?><html>
  <head>
      <meta charset="UTF-8">
      <title>Teste protegendo download autenticado</title>
  </head>


  <body>
    <?php if ( $_SESSION['logado'] == "true" ){ ?>
    <p>Você está logado</p>
    <a href="logout.php">logout</a>
    <?php }else{ ?>
    Você <strong>não</strong> está logado!!!
    <a href="login.php">login</a>
    <?php } ?>


  <a href="download.php?download=putty.exe">Download putty.exe</a>
  </body>
</html>

login.php

<?php
  session_start();

  $_SESSION['logado'] = 'true';

  header('location: index.php');
?>

logout.php

<?php
  session_start();

  unset($_SESSION['logado']);

  header('location: index.php');
?>

download php.

<?php
session_start();

if( $_SESSION['logado'] == 'true' ){

    $download = $_GET['download'];
    if( is_file( '/home/boteco/downloads/'.$download ) ){
        $filename = '/home/boteco/downloads/'.$download;

        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $type = finfo_file($finfo, $filename);
        header('Content-type: '.$type);
        header('Content-Disposition: attachment; filename="'.$download.'"');

        readfile($filename);
    }else{
        echo "arquivo nao encontrado";
    }

}else{
    echo "Você não estaa logado. Faça o login para efetuar o download.";
}

?>

In line 2 we call the session_start() function so that we can read and write information in the session.

In line 4 we test if the user who accessed this logged in session, if the user can download.

On line 6 we took the name of the file we received via the GET parameter of the URL, as we saw in the index.php file on line 18 to download, we called download.php? download=Putty.exe so we want to download the Putty.exe file.

In line 7 we check if the file we received by parameter exists and is a file, you must have noticed that we used the absolute path of the download folder and concatenated with the name of the received file.

On line 8 we store the absolute name of the file in a variable for easy manipulation.

In line 10 we create a fileinfo resource, to be used to read the file mime-type.

Line 11 we read the MIME-TYPE of the file and store in a variable, we need to take the MIME-TYPE of the file because our download script has MIME-TYPE text/x-php and the behavior of the browser for this MIME- TYPE is to show it and not download it, if we leave the MIME in text/x-php and play the file however to the browser, we will see the binary code of the program, ie a lot of strange characters.

In line 12 we modified the mime of our script for the mime read from the file.

On line 13 we force the file to be downloaded with the name received by parameter, remembering, if we do not force it will use the name of the script which would not be something nice .

On line 15 we use the redfile function that reads a file and displays it on the screen, as we already modified the file header for another mime and to force the download the file will be read from the file system and sent to the user.

NOTE: Just remember, the finfo_open function is only available in PHP >= 5.3.0, if you use a previous version you can use mime_content_type but remember to check if it is available in your hosting, in mine for example is not and I’m not in the mood to bother with them, I stayed only with the local test.

  • Answers only with links are bad. Try to put some of the content of the link in your answer, because if the link breaks, your answer also breaks. Here’s my -1 until it’s fixed

  • Why use snippets in codes that are not executable in cliente-side?

  • Your answer is very confusing. It starts with a link, then follows 4 snippets of code, and at the end, the body of the answer refers to individual lines, but without saying which snippets they belong to. There is no general idea being described, so it is difficult for someone a little more layman (like me) to understand what is happening

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.