ACL for TCPDF

Restrict PDF downloads to specific registered users.

Overview

PDFs generated by TCPDF are accessible via direct URL, allowing unauthorized downloads.
Save files outside the public directory, store user IDs and filenames in a database, and create a download form that verifies login and user ownership before serving the file.

st stefanomaxis 11 Jan, 2021

Hi, is it possible to add ACL to pdf created with TCPDF ? Actually it's possible to access to them just putting the url where they are saved, but I'd like to permit the download only to the registered user who fills the form.

Thanks
Stefano

Max_admin 13 Jan, 2021

Answer

you can save the files to a non accessible path, outside the public directory, then serve them using a different form page which has a download action!

Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.

st stefanomaxis 13 Jan, 2021

Thanks, for the answer.
I've already saved in a not public path, but how can I do that only the owner can download its pdf? Role isn't enough. How can I connect that specific pdf to him? Any example?
Thanks again

Gr GreyHead 14 Jan, 2021

Hi stefanomaxis,

You will need to save the user id and file name to a database table if you aren't already doing so. Then create the download form as Max described, require the user to be logged in, then read the database to show links to download the forms.

Bob

st stefanomaxis 14 Jan, 2021

Ok, thanks

This topic is locked and no more replies can be posted.