I'm trying to hide my pdf files from users but I want them to be downloadable.
Heres my file structure
+-- index.php
+-- download.php
+-- content
+-- .htaccess
+-- files
+-- pdf.pdf
+-- pdf2.pdf
I tried to block users access to the content folder with .htaccess
.
deny from all
But when i download pdf file with this
//download.php
header('Content-Type: application/pdf');
$file = "http://localhost/content/files/pdf2.pdf";
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"" . basename($file) . "\"");
Browser can't load it.
I can't figure out another way to do this
Users can upload files to the site and decide a price for it.
And when you have paid for it you can download it. There will be mysql query before downloading to check if user have bought it
Your download.php
file is just setting some headers to tell the browser to download the file. It doesn't actually write the content of the file in the response. You just have to add the following line of code to the end of download.php
:
readfile($_SERVER['DOCUMENT_ROOT'] . "/content/files/pdf2.pdf");
NOTE: As gview mentioned in the comments, the proper way to do this would be to move the files outside the document root so they cannot be accessed regardless of your per-directory htaccess file. You can still use my solution, but instead of using $_SERVER['DOCUMENT_ROOT']
, you would put the server path. Like this:
readfile("/server/path/to/content/files/pdf2.pdf");