Issue with incorrect filename downloading or saving pdf file using acrobat plugins

When we try to secure our pdf files from direct url access using .htacess, we then encounter the problem in incorrect file name of downloaded pdf file. This is just a small issue but to the client this is a big hassle renaming each downloaded pdf to the correct filename.

Solution
 
Just by including the url filename in the url like below will do the trick

www.wtfthiscode.com/secure.php/mypdfilename?key=hashkeytomypdffile


Simple example on how to secure your public pdf file

Since we can't directly transfer the files away from public folder and due to time constraints. We decided to settle with .htaccess
 
.htaccess

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wtfthiscode.com [NC]
RewriteRule \.(pdf)$ - [NC,F,L]

The rewrite rule prevents any direct access to pdf files where the .htaccess file is located. We put the .htaccess file in uploads directory. If you don't have problem with rewrite in your web server, accessing the url like below will be forbidden. Note: this includes any url with .pdf in the end

www.wtfthiscode.com/uploads/mypdffile.pdf

Instead, you will access the file with below. We pass the file name to secure.php, it will then fetch it for us

www.wtfthiscode.com/secure.php?pdf=mypdffile.pdf&someparams
www.wtfthiscode.com/secure.php?pdf=hashkeytomypdffile

secure.php

<?php
header('Content-type: application/pdf');
header('Content-Disposition: inline; filename="mypdffile.pdf");
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
echo file_get_contents('/pathto/mypdffile.pdf');
?>
 


Comments

Post a Comment

Popular posts from this blog

Basic Authentication Using .htaccess In Wamp/Xampp Server

This is how we create a basic authentication using .htaccess file in windows. The use case is when you provide a simple api to your client. This will secure the url with user and password using basic auth. Accessing the path and any files  below url user must authenticate first. http://localhost/secure/ Following the steps below we will have the .htaccess and .htpasswd inside \secure folder. This folder is in your local web server 1. Create the .htaccess file in folder that you want to secure (in this example secure/ folder). The .htaccess file should contain the 4 lines below    AuthType Basic  AuthName "Restricted Content"  AuthUserFile D:/wamp/www/secure/.htpasswd  Require valid-user 2. To create the .htpasswd file, using command line locate the bin directory ( where htpasswd.exe is located ) in the active version of apache ( D:\wamp\bin\apache\apache2.0.63\bin ). Run  htpasswd -c D:\wamp\www\secure\.htpasswd user should look like ...
Read more

Prevent parent anchor tag to redirect when a child is clicked

Listen to click event of a child element within anchor tag. <a href="www.google.com" id="parent">    <img src="image.jpeg"/>     <div id="child">Delete</div> </a> jquery approach $('a#parent').on('click', '#child', function(e){     e.preventDefault();          //you only need this if you have a click event in parent element     //e.stopPropagation();      alert($(this).html()); });
Read more