PHP guys, restricting access to files based on a users access level

Discussion in 'OT Technology' started by biawokauns, Aug 9, 2004.

  1. biawokauns

    biawokauns New Member

    Joined:
    Sep 18, 2001
    Messages:
    19,893
    Likes Received:
    0
    Location:
    Republic of Kalifornia
    What's the best way to go about this? I have a bunch of PDF files, each I want to assign an access level to, say 1-10. I want users who log in to only be able to access the files which is < or = their access level (6 can access 6 and <).

    One problem I thought of was, if I put the PDF files into a directory, as long as somebody has a direct URL link, they can download it.

    thoughts, help, code snippets? :)
     
  2. robx

    robx Guest

    look into .htaccess
     
  3. biawokauns

    biawokauns New Member

    Joined:
    Sep 18, 2001
    Messages:
    19,893
    Likes Received:
    0
    Location:
    Republic of Kalifornia
  4. tau

    tau Guest

  5. biawokauns

    biawokauns New Member

    Joined:
    Sep 18, 2001
    Messages:
    19,893
    Likes Received:
    0
    Location:
    Republic of Kalifornia
    yes, apache
     
  6. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    This is not too hard to accomplish. Basically you need a database table with username, password, and security level. Now, based on their login, you can grab a security level. Then you can either name the pdf files something like 5_documentName.pdf and parse out the number, or you could put all 5 documents in their own folder. Then just check their security access level vs. the document they are trying to access.

    Just put the document outside of your web directory, don't let them just directly link. Below is code to put the file into a stream.

    Code:
    <?php
            $file = "test.pdf";
        $size = filesize($file);
        header("Cache-control: private");
        header("Content-Type: application/octet-stream");
        header("Content-Type: application/force-download");
        header("Content-Length: $size");
        if(preg_match("/MSIE 5.5/", $_SERVER["HTTP_USER_AGENT"])){
            header("Content-Disposition: filename=".$file,"pdf");
        }
        else
        {
            header("Content-Disposition: attachment; filename=".$file,"pdf");
        }
        readfile("$file");
        exit();
    
    ?>
    
    
     

Share This Page