Calling a specific PDF file from a non web-accessible folder

[yiaggi]

Hi guys,

 

I hope you may be able to shed some light on a problem I am having. I am fairly new to PHP although do understand bits and peices such as login system.

 

Basically - I have a website with lets say 10 users (more like 500 but that will do for now!) - Each user has their own page wich is password protected.

 

Each month - I want to be able to upload PDF files to the server - which CAN ONLY BE ACCESSED BY THE RELEVANT user. They must not be able to see each others PDF files.

 

To do this I have been advised to have a non-web accessible folder on my server to put the PDF's in and then use PHP to handle the operation. Therefore my path would be:

 

1/ User logs into page

 

2/ User clicks the PDF link

 

3/ PF link goes to PHP page that checks they are logged in and then the PDF they want before delivering to the server.

 

I do actually understand the theory but my PHP is not at the stage where I can just write the code that will handle the operation. I am also very confused over how to access the non-web accessible files!

 

Could anyone please give me an example of the code I will need to use to a) check the user is logged in (I guess I can use the same code I used for the login) and then b) call the relevant PDF and display it? I have been given a path of c:\blahblahblah to access my PDF files but don't even know how to begin implimenting this!

 

Here is the code I use for my login system. Could anyone show me how to adapt it to get what I need?

 

Thank so much for anyone that can help - hopefully I will be in a position to give back one day!

 

--------------------------------------------

if(isset($_SESSION['loggedin']))

{

    header("Location:" . strtolower($username) . ".php");

 

if(isset($_POST['submit']))

{

  $username = mysql_real_escape_string($_POST['username']);

  $password = mysql_real_escape_string($_POST['password']);

  $mysql = mysql_query("SELECT * FROM mydb WHERE username = '{$username}' AND password = '{$password}'");

  if(mysql_num_rows($mysql) < 1)

  {

    die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");

  }  $_SESSION['loggedin'] = "YES";

  $_SESSION['username'] = $username;

  header("Location:" . strtolower($username) . ".php");

 

AND THEN IN THE HEADER OF THE PAGES

 

<?php

session_start();

if(!isset($_SESSION['loggedin'])) {

  header('Location: /login.php');

} elseif ($_SESSION['username'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) {

  // Logged in user attempting to view someone else's page

  header("Location:" . strtolower($_SESSION['username']) . ".php");

  exit;

}

?>

 

Again - any help would be truly appreciated. I will say now that the last person I asked said "Use the open() function - that'll work!" ...... answers like that are a bit lost on me at the moment and leave me even more confused!

 

Cheers in advance