<?php
// docsecure.php - Grant Root - 12/2/04
//
// This snippet of code demonstrates how to secure a collection of documents
// by assigning a PHP program as a "handler" for a file type in Apache.
//
// Copyright 2004 Grant Root (grant@rootcentral.org)
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details (www.gnu.org).


// ************************************
// Apache Configuration
// ************************************
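// You must set up the following directives in the Apache config file in
// order to activate this code when a document is requested. It requires
// the mod_actions module for Apache.
// Only requests for the extensions listed in AddHandler are passed to this
// script; any other file stored under that directory is served by Apache
// directly, without the access check performed here.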
//
//LoadModule action_module /usr/lib/apache/1.3/mod_actions.so
//...
//<Directory "/var/www/documents">
//    <IfModule mod_actions.c>
//        Action secure-doc /docsecure.php
//        <IfModule mod_mime.c>
//            AddHandler secure-doc .pdf .PDF  # Specify file extensions here.
//        </IfModule>
//    </IfModule>
//</Directory>


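// Require a customized function library for access control.
// secure_page(), called below, is not defined in this file and is expected
// to come from this library.
require("./functions/security_functions.php");

// Initialize some variables.
// REQUEST_URI is supplied by the client. It is only compared, byte for byte,
// against paths built from the allowlist below; it is never used to build a
// filesystem path itself.
$URIparts = explode('?', $_SERVER['REQUEST_URI']); // Split off any query string
$requestedPath = $URIparts[0]; // URI of requested document w/o parameters
$errorpage = 'http://www.mydomain.com/myerror.php'; // Full path preferred for redirect
// Pre-specified document path, relative to the document root. This must be a
// plain variable ($docpath, not $$docpath): both the comparison and the file
// path below read it, and an undefined $docpath means no request ever matches.
$docpath = 'documents/';
// DOCUMENT_ROOT may or may not carry a trailing slash depending on the server
// configuration; normalize it so the joined path is always well-formed.
$docRoot = rtrim($_SERVER['DOCUMENT_ROOT'], '/');

// Start or re-start the session, for access to authentication credentials
session_start();  // Must be placed before any output to the browser

// Call some custom function to control access to document.
// NOTE(review): the return value is not inspected, so this script relies on
// secure_page() ending the request itself (exit or redirect + exit) when the
// caller is not authorized - confirm against security_functions.php.
secure_page(array('mygroup')); // Limit access to members of group "mygroup"

// Specify available documents (This could be read from a database table, and
// possibly customized according to the authenticated username.)
$allowedDocs = array(
    'documentone.pdf',
    'documenttwo.pdf',
    'documentthree.pdf',
    'documentfour.pdf',
);

foreach ($allowedDocs as $thisDoc) {
    // REQUEST_URI always starts with "/", so the expected URI is
    // "/" + pre-specified path + allowlisted name. Strict comparison avoids
    // PHP's loose string/number juggling; anything that is not an exact match
    // (including percent-encoded or "../" variants) is simply not served.
    if ('/' . $docpath . $thisDoc !== $requestedPath) {
        continue;
    }

    // The filesystem path is assembled only from server-side values and the
    // allowlist entry, never from the request.
    $filename = $docRoot . '/' . $docpath . $thisDoc;
    if (!is_file($filename)) {
        // Allowlisted but missing (or not a regular file): fall through to the
        // same generic error as any other refused request.
        break;
    }

    $download_size = filesize($filename);
    if (isset($_SERVER["HTTPS"])) {
        // We need to set the following headers to make downloads work
        // using IE in HTTPS mode.
        header("Pragma: ");
        header("Cache-Control: ");
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
        header("Cache-Control: post-check=0, pre-check=0", false);
    } else {
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
    }
    header('Content-type: application/pdf');
    // $thisDoc comes from the allowlist, so it is safe to place in a header.
    header('Content-Disposition: inline; filename="' . $thisDoc . '"');
    header("Accept-Ranges: bytes");
    if ($download_size !== false) {
        // filesize() returns false on failure; skip the header rather than
        // send an empty Content-Length.
        header("Content-Length: $download_size");
    }
    readfile($filename);
    exit;
} // End foreach

// Every refusal (not allowlisted, wrong path, file missing) ends here with the
// same message, so the response does not reveal which documents exist.
$errorMessage = 'Sorry; you do not have permission to access that document.';
// The message contains spaces and ";" and must be percent-encoded to form a
// valid Location URL.
// NOTE(review): myerror.php is not shown here; since anyone can craft a link
// with their own errorMessage value, that page should pass the parameter
// through htmlspecialchars() before displaying it.
header('Location: ' . $errorpage . '?errorMessage=' . rawurlencode($errorMessage));
exit;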
