Help! not to allow direct access to manual PDF file and redirect to login page

barbara1712 · May 2, 2012, 5:28am

Hi,

I am having one manual in PDF file on root folder. Currently, when I access this manual directly like
http://www.mysite.com/mymanual.pdf it gets opened directly, what I want is when I access this url, instead of getting opened, it should get redirect to login page and when I logged in with the system, then manual should get opened.

This behaviour should be only when the user is not logged in. If the user is logged in and tries to access the manual, it should get opened.

Please help me. Your help will be highly appreciated.

Thanks in advance.

barbara1712 · May 2, 2012, 10:05am

can anyone help me out?

Its urgent!!

Mandes · May 2, 2012, 10:51am

Youd have to set a session cookie using javescript once the client has logged in.
Then use use .htaccess to check for that cookie before allowing access to the file(s) your protecting.

barbara1712 · May 2, 2012, 11:13am

Thanks Mandes.

Can you please help me with cookie and .htaccess files

ralphm · May 2, 2012, 11:29am

Another approach might be to put this PDF file inside a folder that is password protected. Here’s an easy way to do that:

http://www.netregistry.com.au/support/articles/password-protection-linux-website

Otherwise, here’s another thread that discusses an alternative:

Mandes · May 2, 2012, 11:50am

Ralphs idea of just locking down the folder was my first thought, but then your users would need to enter a username and password to get in the directory regardless of whether they are already locked in or not.

The .htaccess route is more comprehensive BUT very much more complicated and if you arent familiar with rewrite rules etc, perhaps Ralph’s idea is the one you should go with at this time.

tom8 · May 2, 2012, 2:02pm

Examples -

.htaccess:

RewriteEngine on
RewriteRule ^mymanual.pdf$ login.php

login.php:

<?
   if($_COOKIE['password']=="password" || login())
   {
	   header("Content-type:application/pdf");
	   readfile("mymanual.pdf");
	   exit;
   }
   function login()
   {
	   if($_REQUEST['password']=="password")
	   {
		   setcookie('password','password',time() + 60); // expire in 1 minute
		   return 1;
	   }
	   echo "<h3>Valid password required!</h3>".
			   '<form method="post" action="login.php">'.
			   'Password: <input name="password"/>'.
			   '<input type="submit" value="Send"/>'.
			   '<form>';
   }
?>

StarLion · May 2, 2012, 2:09pm

Or… you could do what most PHP-download sites do, and never directly link someone to the file, use a PHP page to output the contents, and redirect if they’re not logged in, which is what tom is showing you how to do

Mandes · May 2, 2012, 5:01pm

Thats a neat trick Tom, consider it stolen

tom8 · May 2, 2012, 6:05pm

You are welcome to it

Originally I tried to do it using only .htaccess but could not come up with a good solution. Then I used your suggestion and came up with that so that is really yours.

StarLion · May 2, 2012, 6:08pm

Needs a return at the end of the function though.

oddz · May 2, 2012, 6:13pm

The way this should be handled is as tom6 and StarLion suggested with the modification of storing the file itself outside of http access. That way it can never be accessed directly though http only indirectly through a script that can control access privileges.