Show pdf files only for logged user

Notice: This thread is very old.
xlilien
Member | 27
+
0
-

Hi, I would like to ask whether is it possible to show pdf files in browser which are stored on the server only when you are logged in?

A good example of this situation could be: there is an e-shop, which stores its invoices on the server. When a request to show the invoice comes, you need to check whether the user is logged in (or is administrator, or whatever) and then show the pdf invoice in browser (because its much more comfortable than to force user to download it).

Routing and checking whether user is logged in is pretty straightforward, I am just wondering how to send the proper response to the browser. Is it possible to have the restricted folder in www folder? If yes, what would the .htaccess file be?

Thanks in advance for your advices!

Majkl578
Moderator | 1364
+
0
-

Routing and checking whether user is logged in is pretty straightforward, I am just wondering how to send the proper response to the browser.

You are interested in FileResponse. To send it from presenter:

$presenter->sendResponse(new FileResponse($pathToFile));

Is it possible to have the restricted folder in www folder? If yes, what would the .htaccess file be?

I think safer & better would be saving these files somewhere else than in www/, e.g. in app/, but that's not that important as long as the files are not accessible from browser. The .htaccess would look like:

Order Allow,Deny
Deny from all
xlilien
Member | 27
+
0
-

Majkl578 wrote:

$presenter->sendResponse(new FileResponse($pathToFile));

Thanks a lot for your reply! I tried this one before, the only problem is, that this piece of code downloads the file instead of just showing it in the browser.

Majkl578
Moderator | 1364
+
0
-

this piece of code downloads the file instead of just showing it in the browser

Try to specify third argument – content type. By default, it's octet-stream (forced download).

The following code sends PDF to client, filename will be the same as of the source file.

$presenter->sendResponse(new FileResponse($pathToFile, NULL, 'application/pdf'));

Keep in mind that it's up to the browser how the file is finally handled – it depends on the clients capabilities. If user has Firefox (which has a built-in PDF support) or an Adobe Reader plugin, it should be used.

xlilien
Member | 27
+
0
-

Majkl578 wrote:
The following code sends PDF to client, filename will be the same as of the source file.

$presenter->sendResponse(new FileResponse($pathToFile, NULL, 'application/pdf'));

Keep in mind that it's up to the browser how the file is finally handled – it depends on the clients capabilities. If user has Firefox (which has a built-in PDF support) or an Adobe Reader plugin, it should be used.

Even with using suggested mime type the pdf would be downloaded instead of being showed in the browser.

After further exploration I realized that FileReponse sets Content-Disposition header to be attachment and thats why the file is being downloaded. When you replace the attachment with inline, the pdf file will be shown in the browser as expected.

In the end, I just created a class PdfResponse, which extends the original FileResponse and replace the piece of code mentioned above.

What do you think about the solution? Dont you think it could be implemented in the FileResponse by default?

Last edited by xlilien (2013-07-08 10:50)