# [SOLVED] Content-Disposition in header (PHP problem)



## FredT (Nov 16, 2007)

Hi,

I'm trying to password protect some PDF files and I thought I would go about it this way:


```
<?php
//password checking stuff goes here
//if everything goes through ok, it gives you the pdf:

header('Content-type: application/pdf');
readfile('pdf/file.pdf');

?>
```
That worked great in my primary web browser, but I checked it in Firefox which didn't have the Adobe Reader plugin installed and I ran into a problem. It wanted to download the file, but with a .php extension. The file downloaded fine and would have displayed had I changed the extension from .php to .pdf

I put in:

```
header('Content-Disposition: attachment; filename="file.pdf"');
```
to solve the problem, but now it downloads on browsers that have the plugin installed as well. This isn't a huge problem, but I would prefer (for the user's convenience) that the file would open up in-browser if possible.

I don't know how I could fix this besides only including the Content-Disposition if the user had the plugin installed, but I couldn't find a way to check that.

Any suggestions or do you think I should just let everyone download the files to the desktop before viewing them?

P.S. I hope this makes sense. Let me know if I need to clarify.


----------



## jamiemac2005 (Jul 5, 2007)

*Re: Content-Disposition in header (PHP problem)*

Hey, you can embed PDF in HTML can't you? i forget to be honest, but try just using the Embed tag to embed the file in a page (and make it 100% width/height or something)... Then if that works turn it into a full object (rather than just embedding). And you sort of force the thing to either load or show "You must have blah blah blah plugin installed to view this"... Then if that's not quite convineint enough you could add a download/direct link for the .pdf for those who don't want to install pdf viewer plugins.

That will probably lead to security issues but then you could throw another layer in there which drags the file from a non-requestable URL (somewhere not in your server's doc root)... Either way if that^^ was complete jibberish feel free to post back and i'll take a look at what i can come up with (code wize, rather than just theoretical junk) =]

Cheers,
Jamey


----------



## FredT (Nov 16, 2007)

*Re: Content-Disposition in header (PHP problem)*

That does make sense jamiemac, thanks.

I just came up with a different idea, to edit the .htaccess file to parse .pdf files and save my

```
<?php 
//password checking stuff goes here 
//if everything goes through ok, it gives you the pdf: 

header('Content-type: application/pdf'); 
readfile('pdf/file.pdf'); 

?>
```
as a .pdf

That way, if the plugin was absent and the browser wanted the download, it would download normally as file.pdf

I used this in the .htaccess:

```
RemoveHandler .pdf
AddType application/x-httpd-php .php .pdf
```
but it didn't work. It just downloaded the file with the php still un-parsed. Can you not do this with the .pdf extension because it's not a text-based file?


----------



## jamiemac2005 (Jul 5, 2007)

*Re: Content-Disposition in header (PHP problem)*

Actually yeah, makes sence that...

You should be able to do what you've done with .htaccess the way you've done it, i don't see why that's not working... Did you try restarting your testing server? (just because i've had .htaccess be a little annoying like that before)... Could also check your .conf file.

Cheers,
Jamey


----------



## FredT (Nov 16, 2007)

*Re: Content-Disposition in header (PHP problem)*

I'm not too experienced with tinkering with these Apache preference files, what should I be checking in the .conf?

And I don't think I can restart the server because it's a third party shared hosting account.


----------



## jamiemac2005 (Jul 5, 2007)

*Re: Content-Disposition in header (PHP problem)*

Haha me neither to be honest.

You could try this as a directory directive in your httpd.conf file: http://httpd.apache.org/docs/2.0/howto/htaccess.html (How directives are applied section)... I use XAMPP and they mess with .htaccess on windows like a madman so i've been doing this the past few days.

Ohhh, okay, maybe it's the fact that you're on a third party server then, who's the host? ask them if they've changed the .htaccess extension/name?

Cheers,
Jamey


----------



## FredT (Nov 16, 2007)

*Re: Content-Disposition in header (PHP problem)*

I ran a little test and changed the htaccess to parse html files and added some PHP in one. When I went to the page, instead of displaying it, it downloaded as a .html page with the PHP unparsed. Now every html page downloads. What could cause that?

My full .htaccess file is now this: (it also includes something to password protect the public_html directory because the site is still under construction)

```
AuthType Basic
AuthName "Site Under Construction"
AuthUserFile "/home/gsw000/.htpasswds/public_html/passwd"
require valid-user
RemoveHandler .html
AddType application/x-httpd-php .php .html
```


----------



## jamiemac2005 (Jul 5, 2007)

*Re: Content-Disposition in header (PHP problem)*

Hmm, it might have something to do with the application/x-httpd-php then. What version of PHP is the server running? if it's PHP 5 then : _..._httpd-php5_..._

Other than that all i can think of is the actual handler not working correctly, i'm sure the application is defined in a file somewhere? (httpd.conf)... It might be worth finding it.

Cheers,
Jamey


----------



## FredT (Nov 16, 2007)

*Re: Content-Disposition in header (PHP problem)*

Nope, its php 4.4.9

I'll try to find httpd.conf


----------



## FredT (Nov 16, 2007)

*Re: Content-Disposition in header (PHP problem)*

Hey I figured it out!

I found an button on cPanel that said Apache Handlers so I checked it out and it gave me a GUI to add extension handling. I put in .pdf and gave the action as application/x-httpd-php. I tested the pdf and it worked perfectly 

Then I went back to the .htaccess to see exactly what had happened behind the scenes while I was safe behind the GUI and it turns out it was supposed to be AddHandler not AddType to make the change.

Thanks for all the help


----------



## jamiemac2005 (Jul 5, 2007)

*Re: Content-Disposition in header (PHP problem)*

Hah, i've always seen AddType used, but glad you got it sorted. 

Cheers,
Jamey


----------

