Redirect files to simple form before downloading

Question

Hi I am trying to redirect all links to any pdf file in my site to a page with a form in it that collects user info before they can proceed to download/view the pdf.

Eg

I want to redirect *.pdf files in web site to request.php?file=name_of_pdf_being_redirected

Where request.php is the page with the form on it asking for a few details before proceeding.

All pdf's in the site are held inside /pdf folder.

Any ideas?

EDIT: sorry I'm using Apache on the server.

OK I'M GETTING THERE: I have it working now using:

RewriteEngine on RewriteRule ^pdf/(.+.pdf)$ request.php?file=/$1 [R]

But now when it goes to the download page when i want to let the person actually download the file my new rule is spitting the download link back to the form :-P haha so is there anyway to let it download the file once the form has been submitted and you're on download.php?

Answer 1

Ideas? You could start by telling us which web/app server you're using, that might help :-)

In Apache, you should be able to use a RewriteRule to morph the request into a different form. For example, turning /pub/docs/x.pdf into request.php?file=/pub/docs/x.pdf could be done with something like:

RewriteRule ^/pdf/(.*)\.pdf/  request.php?file=/$1.pdf

Keep in mind this is from memory (six years since I touched Apache and still clean :-), the format may be slightly different.

Update:

Now you've got that sorted, here's a couple of options for your next problem.

1/ Rename the PDFs to have a different extension so that they're not caught by the rewrite rule. They should be configured to push out the same MIME type to the client so that they open in the clients choice of viewer.

2/ Do the download as part of the script as well, not as a direct access to the PDF. Since the submission of the form is a HTTP request, you should be able to answer it immediately with the PDF contents rather than re-directing them again to the download page.

That second option would be my choice since it:

• stops people figuring out they can get to the PDFs just by requesting xx.pdfx instead of xx.pdf.
• makes it quicker for the person to get the PDF (they don't have to click on the link again).

Answer 2

Note, my answer is with respect to a .NET website, but I'm sure the same constructs exist somewhere in PHP.

I would have an HTTPModule with a path of *.pdf that simply does a Response.Redirect to request.php?...etc (in my case request.aspx) And then in the event handler for the button click on that page, when you know which pdf to display and that they're authorized, simple do a Response.ContentType = [MIME type of pdf], and then Response.WriteFile(pdfFile), and finally Response.End().

There are other things you can add to make it better, such as filesize, etc. But in the minimal case, this would work. If you want the code for it in C# I could come up with something in about 3 minutes, but in PHP i'm quite lost. I'd start out looking for HTTPModules and how to write them in PHP.

Googling for "PHP HTTPModule" leads to this: http://stackoverflow.com/questions/570833/equivalent-of-asp-net-httpmodules-in-php so, I may be a little wrong, but hopefully that's a starting point.

Answer 3

Use an .htaccess file if you're using an Apache web server. You'll need to make certain that you have mod_rewrite enabled, but once you do you can rewrite all files using these two simple lines:

RewriteEngine On RewriteRule ^.pdf$ /rewrite.php [NC,L]

If you are using IIS, you can accomplish something similar using ISAPI_Rewrite.

Your other alternative is to place your pdf's inside of a directory that is not publicly accessible and then any request made for a pdf resource would return an access denied error and the files could only be accessed through the appropriate download script.

Answer 4

You can try this:

• Move your files to a folder "outside" your web root so that no one can access it thru a browser
• Use sessions to detect whether a person has completed the form or not
• Use a php powered file download script. In its naivest form, it might look like this:

    if ( isset( $_SESSION[ 'OK_TO_DOWNLOAD' ] ) == false )
    {
        header( "Location: must_fill_this_first.php" );
        exit( 0 );
    }

    header( "Content-type: application/pdf" );
    // double check the above, google it as i am not sure

    echo file_get_contents( 'some_directory_inaccessible_thru_www/' . $_GET[ 'pdf_name' ] );
    // ideally a binary-safe function needs to be used above

This is a tried and tested technique I used on a website. The code example is a draft outline and needs refinement.

Answer 5

if($user==authenticated){
 //set pdf headers
 echo file_get_contents('actual.pdf');

no mod re-writes, hides actual source and is what i normally do - hope this helps