prevent direct access to PDF link for guest users

Question

I have a joomla site. And have some pdf files into the root of the website.

Is there a way to protect the DIRECT ACCESS to the pdf's for the GUESTS(public) users.. and allow for REGISTERED users?

I tried with htaccess(deny) but registered users can't view the pdf directly too.. Searched but didn't find nothing about this.. PLEASE can somebody help.

Thank you

Answer 1

Create a file called download.php

Add the following code to download.php file enclose with php tag

define('_JEXEC', 1);
define('DS', DIRECTORY_SEPARATOR);

if (file_exists(dirname(__FILE__) . '/defines.php')) {
    include_once dirname(__FILE__) . '/defines.php';
}

if (!defined('_JDEFINES')) {
    define('JPATH_BASE', dirname(__FILE__));
    require_once JPATH_BASE.'/includes/defines.php';
}

require_once JPATH_BASE.'/includes/framework.php';

// Mark afterLoad in the profiler.
JDEBUG ? $_PROFILER->mark('afterLoad') : null;

// Instantiate the application.
$app = JFactory::getApplication('site');

// Initialise the application.
$app->initialise();

$user    = JFactory::getUser();
$getfile = JRequest::getVar('file',null,'get','string');

if($getfile){

    if($user->get('id') == 0){
      die('permission denied');
    }


    $link = "/files/".$getfile.".pdf"; // Locate the pdf file
    $file = JPATH_SITE.$link;

    header("Content-Type: application/octet-stream");

    $filename = $getfile.'.pdf';

    header("Content-Disposition: attachment; filename=".urlencode($filename));
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Description: File Transfer");
    header("Content-Length: " . filesize($file));
    flush(); // this doesn't really matter.

    $fp = fopen($file, "r");

    while (!feof($fp))
    {
      echo fread($fp, 65536);
      flush(); // this is essential for large downloads
    }
    fclose($fp);
}

$app->close();

URL example :- www.example.com/download.php?file=filename

And make sure you have change the $link variable as you need.

Answer 2

In .htacess file you have to add the following code

deny from all

And it should be located under the invoice folder where the pdf files is located.

If you use deny from all then file do not have download access for the particular directory where the htacess file is located.

To allow download access for registered user the below controller has to be called instead of direct file path url.

URL example :- www.example.com/index.php?option=com_temp&task=temp.downloadmypdf&file=filename

public function downloadmypdf(){

    $user    = JFactory::getUser();
    $getfile = JRequest::getVar('file');

    if($user->get('id') == 0){
      die('permission denied');
    }

    $link = "/invoice/".$getfile.".pdf";
    $file = JPATH_SITE.$link;

    header("Content-Type: application/octet-stream");

    $filename = $getfile.'.pdf';

    header("Content-Disposition: attachment; filename=".urlencode($filename));
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Description: File Transfer");
    header("Content-Length: " . filesize($file));
    flush(); // this doesn't really matter.

    $fp = fopen($file, "r");

    while (!feof($fp))
    {
      echo fread($fp, 65536);
      flush(); // this is essential for large downloads
    }
    fclose($fp);

    JFactory::getApplication()->close();
}

Credits goes to Ashlin rejo.

Answer 3

You must use document management plug-in if you wont want to write your own php codes.SO, DOCman is a powerful document management solution for Joomla. You can check it from following link.

http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10958