Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

storing pdf files on server securely

Tags:

php

mysql

pdf

encryption

payment

I am deploying a website from where user can purchase the pdfs. now i am searching for the way for storing the pdfs so that it only can be downloaded when payment is done. I have came across one way in which i can store the pdfs in to the Mysql database and generate the path to it when required credentials fulfill.

Is there any other way to do this and link to the pdf file should be dynamic and encrypted so that other links to the other books can't be predicted.

and the server side language I am using is PHP

like image 751
nikhil Avatar asked Mar 22 '23 06:03

nikhil

2 Answers

  1. You need to store the files somewhere outside your website root like mentioned by Dagon. When file is uploaded use move_uploaded_file to move it. You can name the file anything you want (within OS limits) and keep the real name in the database.
  2. Then when the user has payed for the books, add the books the user has payed for to a table in a db.
  3. Give the user a list of all the books he has payed for like: /download/filename.pdf
  4. Add a mod_rewrite if you use Apache (or equivalent for other web servers) where /download/.* is redirected to download.php or a controller.
  5. On the download page, check if user is logged in and has access to the file. If not, redirect to purchase page for that book.
  6. If download is ok set header for the http status you need: Content-Length, Content-Type, Date, Status (200), maybe Content-Encoding.
  7. Use readfile to output the file to the end user.
like image 196
OIS Avatar answered Mar 31 '23 18:03

OIS

I would :

  • Deny any access to the files -- i.e. use a .htaccess file (That way, no-one has access to the file)

  • Develop a PHP script that would :

    • receive a file identifier (a file name, for instance ; or some identifier that can correspond to the file)
    • authenticate the users (with some login/password fields), against the data stored in the database if the user is valid, and has access to the file (This is if different users don't have access to the same set of files), read the content of the file from your PHP script, and send it the the user.

The advantage is that your PHP script has access to the DB -- which means it can allow users to log-in, log-out, it can use sessions, ...

Here is another answer from a stack user that fits this problem: Creating a Secure File Hosting Server for PDFs

like image 32
OBV Avatar answered Mar 31 '23 20:03

OBV
Sign in to Comment

Related questions

php output from mysql to html table
When is necessary to use static methods?
error with wamp server error #2002 could not open phpMyAdmin [duplicate]
Safe Login using Sessions & Cookies
Update if exist, insert row if not exist in MySQL
CakePHP: Find records from last hour
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''leave''
How to get Current Page URL in MediaWiki
Add conditions to existed WP_Query in Wordpress
PHP and jQuery progress bar while parsing
Return parent::function in a function
Calculate day of month with month, year, day of week and number of week
How to unit test function with some randomness
Ajax/php header:Location
How to check if specific key array element exists?
php soap envelope namespace <soap:Envelope and <SOAP-ENV:Envelope
How to retrieve http get parameters in link in Laravel?
mysql - How to pass main query value into a join in subquery
PHP switch - default if the variable is not set
Sorting an array based on a condition

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!