barbara1712 — 2012-05-02T01:28:44-04:00 — #1
I am having one manual in PDF file on root folder. Currently, when I access this manual directly like
http://www.mysite.com/mymanual.pdf it gets opened directly, what I want is when I access this url, instead of getting opened, it should get redirect to login page and when I logged in with the system, then manual should get opened.
This behaviour should be only when the user is not logged in. If the user is logged in and tries to access the manual, it should get opened.
Please help me. Your help will be highly appreciated.
Thanks in advance.
barbara1712 — 2012-05-02T06:05:40-04:00 — #2
can anyone help me out?
mandes — 2012-05-02T06:51:00-04:00 — #3
Youd have to set a session cookie using javescript once the client has logged in.
Then use use .htaccess to check for that cookie before allowing access to the file(s) your protecting.
barbara1712 — 2012-05-02T07:13:56-04:00 — #4
Can you please help me with cookie and .htaccess files
ralphm — 2012-05-02T07:29:39-04:00 — #5
Another approach might be to put this PDF file inside a folder that is password protected. Here's an easy way to do that:
Otherwise, here's another thread that discusses an alternative:
mandes — 2012-05-02T07:50:43-04:00 — #6
Ralphs idea of just locking down the folder was my first thought, but then your users would need to enter a username and password to get in the directory regardless of whether they are already locked in or not.
The .htaccess route is more comprehensive BUT very much more complicated and if you arent familiar with rewrite rules etc, perhaps Ralph's idea is the one you should go with at this time.
tom8 — 2012-05-02T10:02:32-04:00 — #7
RewriteRule ^mymanual.pdf$ login.php
if($_COOKIE['password']=="password" || login())
setcookie('password','password',time() + 60); // expire in 1 minute
echo "<h3>Valid password required!</h3>".
'<form method="post" action="login.php">'.
'Password: <input name="password"/>'.
'<input type="submit" value="Send"/>'.
starlion — 2012-05-02T10:09:44-04:00 — #8
Or... you could do what most PHP-download sites do, and never directly link someone to the file, use a PHP page to output the contents, and redirect if they're not logged in, which is what tom is showing you how to do
mandes — 2012-05-02T13:01:53-04:00 — #9
Thats a neat trick Tom, consider it stolen
tom8 — 2012-05-02T14:05:18-04:00 — #10
You are welcome to it
Originally I tried to do it using only .htaccess but could not come up with a good solution. Then I used your suggestion and came up with that so that is really yours.
starlion — 2012-05-02T14:08:00-04:00 — #11
Needs a return at the end of the function though.
oddz — 2012-05-02T14:13:54-04:00 — #12
The way this should be handled is as tom6 and StarLion suggested with the modification of storing the file itself outside of http access. That way it can never be accessed directly though http only indirectly through a script that can control access privileges.