Search code examples
javascriptphpjqueryencryptioniframe

How to hide the src of iframe or embed tag using JS/jQuery or PHP?

Im trying to hide the src url for a pdf file in an iframe / embed. Im not sure how.

I tried with all the previously exiting answers, but none of them are working.

<?php
    $url = $_GET['url'];
?>

<embed id="renderedPrint" style="height:calc(100% - 4px);width:calc(100% - 4px);padding:0;margin:0;border:0;"></embed>

<script>
    $(document).ready(function() {
        var encryptedString = "assets/labels/" + "<?php echo $url; ?>" + ".pdf";
        $("#renderedPrint").attr("src", encodeURIComponent(encryptedString));

    });
</script>

But no matter which method i use (Obfuscator, php openssl_encrypt/decrypt), the output url is always visible.

I dont want users to find the iframe/embed url. I want to make it difficult to or even hide the url from the front-end.

The purpose is that i dont want users to have direct access to the generated pdf file. They may copy the iframe src url and send it to someone else. We cant stop them from downloading the pdf, but i dont want them to copy the source url from the server.

Solution

  • check this code you should be add file address to DB

            <?php
    // get id to search on DB and get detail
    $id = $_REQUEST['id'];

    try {
        $conn = new PDO("pgsql:host=$host;port=5432;dbname=$dbname", $username, $password);
        // set the PDO error mode to exception
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        //echo "Connected successfully";
    } catch(PDOException $e) {
        echo "Connection failed: " . $e->getMessage();
    }

    $stmt = $conn->prepare("SELECT url FROM mytable WHERE id=? LIMIT 1"); 
    $stmt->execute([$id]); 
    $row = $stmt->fetch();
    // the address of file in server 
    $path = $row['url'];
    $filename = basename($path);
    if (file_exists($path) && is_readable($path)) {
        // get the file size and send the http headers
        $size = filesize($path);
        header('Content-Type: application/octet-stream'); 
        header('Content-Length: '.$size);
        header('Content-Disposition: attachment; filename='.$filename);
        header('Content-Transfer-Encoding: binary');
        // open the file in binary read-only mode
        // display the error messages if the file can´t be opened
        $file = @ fopen($path, 'rb');
        if ($file) {
        // stream the file and exit the script when complete
            fpassthru($file);
            exit;
        } else {
            echo $err;
        }
    } else {
        echo 'check that file exists and is readable';;
    }

    ?>