I’m working to develop a website that allows clients to log in and see various PDFs saved on the server. These PDFs will be unique to the client and should not be accessible by someone who is not logged in. Getting the files onto the server shouldn’t be an issue, I’m just not sure how to serve them to end users.
I’ve implemented this kind of thing with data from SQL servers being served instead of files, so I’m not entirely sure what the most effective way to go about this is.
The website is on a LAMP and my minimal experience is in PHP (but if a framework or other language would make this easier, I can learn it).
I’m probably in over my head but I usually am, so any input would be great.
Put the files outside of the webroot. Then, using PHP, pass the file through a script. That way no one can link to the file directly and bypass your controls. (Naturally, make sure the script does this only after verifying the user has permission to retrieve that file.)
Sample PHP:
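One way to write such a script, as an added example that is not part of the original answer. It assumes a storage root of `/srv/client_files` with one sub-directory per client id, a `$_SESSION['client_id']` set at login, and a `file` query parameter; all of these names are hypothetical.

```php
<?php
// Added example. Assumed (hypothetical) names: STORAGE_ROOT path, per-client
// sub-directories, $_SESSION['client_id'] set at login, ?file= parameter.
declare(strict_types=1);

const STORAGE_ROOT = '/srv/client_files'; // lives outside the webroot

/**
 * Map a requested file name to a real path inside the client's own directory.
 * Returns null if the file is missing, is not a PDF, or resolves elsewhere.
 */
function resolveClientPdf(string $root, int $clientId, string $requested): ?string
{
    $clientDir = realpath($root . DIRECTORY_SEPARATOR . $clientId);
    if ($clientDir === false) {
        return null;
    }
    // basename() discards directory components such as "../"
    $candidate = realpath($clientDir . DIRECTORY_SEPARATOR . basename($requested));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // After symlinks are resolved, the path must still sit under the client's directory
    $prefix = $clientDir . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return strtolower(pathinfo($candidate, PATHINFO_EXTENSION)) === 'pdf' ? $candidate : null;
}

session_start();
if (!isset($_SESSION['client_id'])) {
    http_response_code(403);
    exit('Not logged in');
}

// Reject non-string input such as ?file[]=x before it reaches the resolver
$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolveClientPdf(STORAGE_ROOT, (int) $_SESSION['client_id'], $requested);
if ($path === null) {
    http_response_code(404); // same response for "missing" and "not yours"
    exit('File not found');
}

$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

The client id comes only from the session, never from the request, so a logged-in client cannot name another client's directory.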