File: /srv/www/rectt-csmcri.res.in/public_html/serve_pdf.php
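<?php
declare(strict_types=1);
session_start();
include_once 'sites/config/config.php';
// Streams the PDF attached to one application row, but only to the logged-in
// user who owns that row. Relies on $conn (mysqli) being provided by config.php.

// Get PDF ID or application ID as a GET parameter. Validate it as a positive
// integer up front so a non-numeric value is rejected here instead of being
// silently coerced to 0 by the "i" bind below.
$application_id = filter_var(
    $_GET['application_id'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($application_id === false || !isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Access denied.');
}
// A session without its token is treated as stale: drop it and send the user to logout.
if (!isset($_SESSION['session_token'])) {
    session_destroy();
    header("Location: logout.php");
    exit;
}
$user_id = (int) $_SESSION['user_id'];
$token = (string) $_SESSION['session_token'];

// Single-session enforcement: the token stored in the session must match the
// one currently recorded for the user. Compare in constant time.
$stmt = $conn->prepare("SELECT session_token FROM users WHERE id = ?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
$stmt->bind_result($db_token);
$stmt->fetch();
$stmt->close();
if (!is_string($db_token) || !hash_equals($db_token, $token)) {
    session_destroy();
    die("You have been logged out because your account was logged in elsewhere.");
}

// Look up the application and the path; the row must belong to the caller.
$stmt = $conn->prepare("SELECT user_id, pdf_path FROM all_applications WHERE application_table_id = ? LIMIT 1");
$stmt->bind_param("i", $application_id);
$stmt->execute();
$app = $stmt->get_result()->fetch_assoc();
$stmt->close();
// Strict ownership comparison: the loose != would accept e.g. "1abc" against 1.
if (!$app || (int) $app['user_id'] !== $user_id || empty($app['pdf_path'])) {
    http_response_code(403);
    exit('Access denied.');
}

// pdf_path comes from the database, not from the request, so it is trusted as
// far as this script can tell. Resolve it and require a readable regular file
// (file_exists() alone also accepts directories).
// NOTE(review): if pdf_path is ever written from user-controlled input, add a
// containment check that realpath() starts with the upload base directory
// (<UPLOAD_BASE_DIR placeholder>) before serving it.
$pdf = realpath((string) $app['pdf_path']);
if ($pdf === false || !is_file($pdf) || !is_readable($pdf)) {
    http_response_code(404);
    exit('File not found.');
}

// Stream the PDF securely: discard any buffered output first so nothing
// precedes the file bytes, then send it with a fixed content type.
while (ob_get_level() > 0) {
    ob_end_clean();
}
// basename() keeps the header to a single path segment; strip quote and
// line-break characters so the filename cannot break out of the header value.
$download_name = str_replace(['"', "\r", "\n"], '', basename($pdf));
header('Content-Type: application/pdf');
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private');
header('Content-Disposition: inline; filename="' . $download_name . '"');
$size = filesize($pdf);
if ($size !== false) {
    header('Content-Length: ' . $size);
}
readfile($pdf);
exit;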