I have develop system to scan and read file inside folder.
And I stored all pdf file inside uploads folder inside root directory. Directory as below.
htdocs/test_system/uploads/test123.pdf
In my HTML, PHP and JQuery code, I already pass the test123.pdf into form value using jQuery as below.
<form action="" method="POST">
<input id="filename_verify" type="hidden" class="form-control" name="filename_verify" placeholder="" value="test123.pdf" readonly="readonly">
<button type="submit" id="" name="verify" class="btn btn-success btn-block">Submit</button>
</form>
My next step is to check whether the filename match with the database before user can open the file. PHP code as below.
if(isset($_POST['verify']))
{
$filename_verify = $_POST['filename_verify'];
$sql = DB::getInstance()->FetchArray("select filename from table where filename = '".$filename_verify."' ");
if(count($sql) > 0)
{
foreach($sql as $row){}
header("Location: uploads/".$filename_verify."");
}
else
{
echo 'Not match';
exit;
}
}
I can open file successfully but the problem is URL obviously show the directory of the file like this so the publis can easily predict the directory and can manipulate the filename using URL.
https://www.system.com/uploads/test123.pdf
How can I secure and encrypt the URL so the user cannot see the actual directory like above URL ?
Appreciate if someone can help me. Thanks.