Making a downloadable file password protected on webpage

Question

I want to make a webpage which has download option for a pdf, but i want it password protected i.e. if someone clicks on that link he has to enter username and password and if he directly open the link "www.example.com/~folder_name/abc.pdf" then server ask for password first and then allow to download

Edit: I want user to view the file in browser, not to force it to download here is my code

<?php
    /* authentication script goes here*/
    $file = 'http://example.com/folder_name/abc.pdf';

    //header('Content-Description: File Transfer');
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename=' . basename($file));
    header('Content-Transfer-Encoding: binary');
    //header('Expires: 0');
    //header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    //header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    header('Accept-Ranges: bytes');
    @readfile($file);

?>

but this code is not opening pdf in my browser. I don't want code to depend upon pdf plugin used by browser

Just clarifying... is the password protection only for downloading? So you still want people to have access to the PDF file but not downloading it until they enter a username/password? — aug, Sep 06 '13 at 16:31
no, view permission also goes through authentication, i have my own authentication script — , Sep 06 '13 at 18:49

score 1 · Answer 1 · answered Sep 04 '13 at 05:32

1

You can make a .htaccess file in the web folder you have the download set up at so that before anyone can enter the domain, they have to enter the correct user and password to get in.

Here's a blog post that I used when I set up my own but essentially your .htaccess file will look like this:

AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/file/directory-you-want-to-protect/.htpasswd
require valid-user

You also need to create a .htpasswd file where you can put a username and a password. The password needs to be encrypted with MD5 hash but you can use the generator he links to in his blog. Hope this helps.

answered Sep 04 '13 at 05:32

aug

11,138
9
72
93

Actally username and password are different for different persons. i made a php script for username and password verification. so any other suggestion for .htpasswd verification? – Sep 04 '13 at 05:36
You can have as many users/password combinations you want in the `.htpasswd` and they can be the same or different. You would just need to make an entry for each different person and put in the MD5 encrypted unique password for each of them. Is that the issue you were talking about? Maybe I am misunderstanding your question. – aug Sep 04 '13 at 06:26
i am using a script to verifying username and password, so how can i do it by htpasswd? – Sep 06 '13 at 15:34
I might have misunderstood your question. – aug Sep 06 '13 at 16:32
what if people share links ? could they download the files ? – Francisco Corrales Morales Jan 29 '15 at 16:45

JTC · Answer 2 · 2013-09-04T05:52:52.250

0

You can still use .htaccess to not let anyone directly download your document and secure the link to the document instead.

.htaccess could be like this

RewriteRule ^([A-Za-z0-9-]+).pdf$ index.php [L,QSA]

And you can use php for that.

Somethink like this

<?php

    //here you authenticate user with your script

    //and then let the user download it
    if (!isset($_SESSION['authenticated']))
    {
       header('Location: http://www.example.com/');
       exit;
    }
    $file = 'www.example.com/~folder_name/abc.pdf';

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename=' . basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
?>

edited Sep 04 '13 at 05:52

answered Sep 04 '13 at 05:47

JTC

3,344
3
28
46

1

I want user to view this file in new tab of browser but without actually noting the path of file. Is it possible ? – Sep 06 '13 at 15:24
You want him to view the whole pdf file, but not allow him to download it? – JTC Sep 07 '13 at 09:07
1

he can download the file, but it should not be forced download. it should depend on user's choice but i want that user can't note the actual path of file. – Sep 07 '13 at 12:20
1

and one more thing, by downloading file by above method, windows showing its size as 0 bytes and adobe is stating that file is not encoded correctly – Sep 07 '13 at 12:22

Making a downloadable file password protected on webpage

2 Answers2

Linked