hariskar Posted September 22, 2018 Share Posted September 22, 2018 (edited) With php registered users have access, each to their own results when they click to www.site.com/results. The results are pdf. So when a user clicks on results he can see a page with the links to all the pdf of his results. The problem is that if someone copies and pastes this link he can also see the results even if he is not registered. How could I avoid this? Here is the code: Thank you! <?php if ($_SESSION['username']=="user1") { readfile("https://www.site.com/results/user1.html"); } elseif($_SESSION['username']=="user2") { readfile("https://www.site.com/results/user2"); } else { ?> <p>Αν θέλετε να μπορείτε να βλέπετε τα αποτελέσματά σας online και να τα κατεβάζετε σε μορφή pdf παρακαλώ <b>ενημερώστε μας</b> προφορικά, με email ή συμπληρώνοντας τη <a href="forma -epikoinonias">φόρμα επικοινωνίας</a> και <a href="https://www.site.com/user/register">εγγραφείτε στην ιστοσελίδα μας</a>.</p> <?php } ?> Edited September 22, 2018 by hariskar Link to comment Share on other sites More sharing options...
dsonesuk Posted September 22, 2018 Share Posted September 22, 2018 (edited) If user logs out, clear sessions. OR https://stackoverflow.com/questions/7127153/php-how-can-i-block-direct-url-access-to-a-file-but-still-allow-it-to-be-downl Edited September 22, 2018 by dsonesuk Link to comment Share on other sites More sharing options...
Funce Posted September 24, 2018 Share Posted September 24, 2018 You've stated that you have a page that requires users to be logged in to view. Could you duplicate the code that checks if they're logged in and place it before the code you've posted? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now