index.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PDF File Browser</title>
</head>
<body>
<h1>PDF Files</h1>
<?php
$pdfFiles = glob('pdf/*.pdf'); // Assuming your PDF files are in a 'pdf' folder
if ($pdfFiles) {
    echo '<ul>';
    foreach ($pdfFiles as $pdfFile) {
        $pdfFileName = basename($pdfFile);
        // Escape the name before printing it as link text: file names can contain HTML metacharacters
        $label = htmlspecialchars($pdfFileName, ENT_QUOTES, 'UTF-8');
        echo '<li><a href="view.php?file=' . urlencode($pdfFileName) . '" target="_blank">' . $label . '</a></li>';
    }
    echo '</ul>';
} else {
    echo '<p>No PDF files found.</p>';
}
?>
</body>
</html>
Note: the pdf folder is at the same level as index.php.
view.php
To prevent direct access to the PDF files by using the view.php script without going through your website, you can implement some additional checks. Here’s an updated version of the
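<?php
if (isset($_GET['file'])) {
    // basename() drops directory components, so "../" in the parameter cannot leave the 'pdf' folder
    $fileName = basename($_GET['file']);
    $filePath = 'pdf/' . $fileName; // Assuming your PDF files are in a 'pdf' folder
    // The Referer header is optional; fall back to an empty string when the client omits it
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    // Serve only files with a .pdf extension
    $isPdf = strtolower(pathinfo($fileName, PATHINFO_EXTENSION)) === 'pdf';
    // The referer must start with the index page URL, not merely contain it somewhere
    if ($isPdf && is_file($filePath) && strpos($referer, 'https://www.cymiz.com/cm/aek/index.php') === 0) {
        header('Content-Type: application/pdf');
        // Remove double quotes so the file name cannot break out of the quoted header value
        header('Content-Disposition: inline; filename="' . str_replace('"', '', $fileName) . '"');
        readfile($filePath);
    } else {
        echo 'Invalid request or direct access is not allowed.';
    }
} else {
    echo 'Invalid request.';
}
?>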
In this version, I’ve added a check to ensure that the request comes from your index.php page by examining the $_SERVER['HTTP_REFERER'] variable. This check ensures that the script is being accessed from a page within your website. Note that relying on the HTTP_REFERER header has some limitations, as it can be manipulated and is not always present, but it provides a basic level of control in this context.
Keep in mind that this method is not foolproof, and if security is a major concern, you might want to consider more advanced authentication mechanisms or use a content management system (CMS) that provides built-in security features.
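One step up from the Referer check, as an added example that is not part of the original page: index.php issues links carrying an expiry time and an HMAC signature, and view.php serves a file only when the signature verifies. SECRET_KEY, make_link() and check_link() are hypothetical names, and the key and timestamps are constructed values.

```php
<?php
// Added example (not the page's own code): expiring, HMAC-signed links for view.php.
// SECRET_KEY, make_link() and check_link() are hypothetical names.
const SECRET_KEY = 'replace-with-a-long-random-value'; // constructed placeholder; keep the real key out of the web root

// index.php side: build a link that stays valid for $ttl seconds.
function make_link(string $fileName, int $ttl = 300, ?int $now = null): string
{
    $file = basename($fileName);
    $expires = ($now ?? time()) + $ttl;
    // The signature covers both the file name and the expiry, so neither can be changed
    $sig = hash_hmac('sha256', $file . '|' . $expires, SECRET_KEY);
    return 'view.php?' . http_build_query(['file' => $file, 'expires' => $expires, 'sig' => $sig]);
}

// view.php side: return the path under pdf/ to serve, or null when the request must be refused.
function check_link(array $query, ?int $now = null): ?string
{
    $file = basename((string)($query['file'] ?? ''));
    $expires = (int)($query['expires'] ?? 0);
    $sig = (string)($query['sig'] ?? '');
    if ($file === '' || strtolower(pathinfo($file, PATHINFO_EXTENSION)) !== 'pdf') {
        return null; // missing name or not a PDF
    }
    if ($expires < ($now ?? time())) {
        return null; // link has expired
    }
    $expected = hash_hmac('sha256', $file . '|' . $expires, SECRET_KEY);
    // hash_equals() compares in constant time, unlike == or ===
    return hash_equals($expected, $sig) ? 'pdf/' . $file : null;
}

// Constructed demo for the command line; the timestamps are fixed sample values.
if (PHP_SAPI === 'cli') {
    $link = make_link('report.pdf', 300, 1700000000);
    parse_str(parse_url($link, PHP_URL_QUERY), $q);
    var_dump(check_link($q, 1700000100)); // inside the validity window
    var_dump(check_link($q, 1700000400)); // after the expiry time
    $q['file'] = 'other.pdf';
    var_dump(check_link($q, 1700000100)); // file name changed after signing
}
```

A signed link proves only that the site issued it recently; anyone who holds the link can use it until it expires, so per-user access still needs a login session.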