CodeIgniter Forums
How to secure a folder/document with session in codeigniter - Printable Version

+- CodeIgniter Forums (
+-- Forum: General (
+--- Forum: Lounge (
+--- Thread: How to secure a folder/document with session in codeigniter (/thread-70243.html)

How to secure a folder/document with session in codeigniter - ajaynshd - 03-29-2018

Most of the web applications stored confidential documents on different server/location and use these documents by a secured web API. But in case, if you are using the same server to stored the confidential documents, then you must need to secure the documents by session so that only authorized users can access these documents (like PDF, Images, ZIP, etc). Using this way you can also restrict unauthorized users to access any folder on your server.
You can achieve this in codeigniter or any other framework by using the following steps:

1) Create a htaccess file on root, if already created then skip this step.

2) Put this code in the .htaccess file:

RewriteEngine On
RewriteRule ^/?document_folder_path(.*){REQUEST_URI} [R=301,L]

a) Replace "document_folder_path" with your document folder path
b) Replace "" with your domain name
c) controller_file: create a controller in controller folder with an index function

3) Put the below code to your controller file:
class controller_file extends CI_Controller
public function __construct()

public function index()
  if( !empty( $_GET['req'] ) )
      // check if user is logged

        $url = $_GET['req'];
        $ptype=1; // tracking the type of file is being requested
        if (strpos($url, 'report_problem') !== false) {
            $pdf_name = md5(time()).'.png';
        }elseif(strpos($url, 'Signature') !== false) {
            $filename = "";
            $pdf_name = md5(time()).'.pdf';
        $pdf_file = $_SERVER['DOCUMENT_ROOT'].$url;
        if( file_exists( $pdf_file ) )
            if($ptype == 2){
                header('Content-Type: image/png');
                echo file_get_contents($pdf_file);
            }elseif($ptype == 3){
                //echo $filename.'<br> '.$pdf_file; die;
                header("Pragma: public");
                header("Expires: 0");
                header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                header("Cache-Control: public");
                header("Content-Description: File Transfer");
                header("Content-type: application/octet-stream");
                header("Content-Disposition: attachment; filename=\"".$filename."\"");
                header("Content-Transfer-Encoding: binary");
                header("Content-Length: ".filesize($pdf_file));
                header('Content-Type: application/pdf');
                echo file_get_contents($pdf_file);
            //echo file_get_contents($pdf_file);

RE: How to secure a folder/document with session in codeignitor - XtreemDeveloper - 03-29-2018

You can put this code in your.htaccess file

deny from all

<Files ~ "^index\.php|JPG|png|jpg|JPEG|pdf">
Allow from all

By:Xtreem Solution

[Highly Skilled Laravel Developer](

[Dedicated PHP Developer](