Introduction
Securing PDF files is essential for protecting confidential documents, financial reports, legal contracts, and sensitive business data from unauthorized access or modification.
With PHP and TCPDF, you can:
✅ Encrypt PDFs to prevent unauthorized access
✅ Add password protection for viewing or editing
✅ Restrict printing, copying, or modifying content
✅ Automatically secure PDFs on upload or generation
By the end of this guide, you'll have a secure document system in PHP that ensures PDF integrity and confidentiality. 🚀
1. Installing TCPDF for PDF Security
TCPDF provides built-in security features for password protection, encryption, and restrictions.
Install TCPDF via Composer
composer require tecnickcom/tcpdf
Include TCPDF in Your PHP Script
require 'vendor/autoload.php';
use TCPDF;
✅ Now, your system is ready to secure PDF files!
2. Encrypting a PDF File in PHP
PDF encryption prevents unauthorized access to the document.
Example: Encrypt a PDF with a Password
require 'vendor/autoload.php';
use TCPDF;
// Create PDF
$pdf = new TCPDF();
$pdf->SetTitle('Encrypted PDF');
$pdf->AddPage();
$pdf->SetFont('helvetica', '', 12);
$pdf->Cell(0, 10, 'This PDF is encrypted!', 0, 1, 'C');
// Encrypt PDF (User Password: "userpass", Owner Password: "adminpass")
$pdf->SetProtection(['print', 'copy'], 'userpass', 'adminpass');
// Output Encrypted PDF
$pdf->Output('encrypted.pdf', 'F');
echo "PDF encrypted successfully!";
Explanation:
✅ SetProtection(['print', 'copy'], 'userpass', 'adminpass') – Blocks printing and copying.
✅ User password ("userpass") – Required to open the document.
✅ Owner password ("adminpass") – Required to remove restrictions.
🔹 Now, the PDF is protected and requires a password to open!
3. Password Protecting a PDF for Viewing or Editing
If you want to fully restrict access to a PDF, require a password to open it.
Example: Password Protect a PDF
$pdf = new TCPDF();
$pdf->AddPage();
$pdf->SetFont('helvetica', '', 12);
$pdf->Cell(0, 10, 'This document requires a password to open.', 0, 1, 'C');
// Apply password protection (User must enter 'secure123' to view)
$pdf->SetProtection([], 'secure123');
// Output Password-Protected PDF
$pdf->Output('password_protected.pdf', 'F');
echo "Password-protected PDF created!";
How It Works:
✔ User must enter "secure123" to view the PDF.
✔ No permissions (e.g., printing/copying) are restricted.
🔹 Ideal for confidential reports, invoices, or legal documents.
4. Restricting Printing, Editing, and Copying in PDFs
To prevent users from modifying, printing, or copying content, use permission-based security.
Example: Restrict Printing, Copying, and Modification
$pdf = new TCPDF();
$pdf->AddPage();
$pdf->SetFont('helvetica', '', 12);
$pdf->Cell(0, 10, 'Printing, copying, and modifying this document is restricted.', 0, 1, 'C');
// Restrict editing, printing, and copying (Owner password: "admin123")
$pdf->SetProtection(['modify', 'copy', 'print'], '', 'admin123');
$pdf->Output('restricted.pdf', 'F');
echo "Restricted PDF created!";
Permission Options:
✔ 'modify' – Prevents document editing.
✔ 'copy' – Blocks text/image copying.
✔ 'print' – Disables printing.
🔹 This ensures your document is viewable but cannot be altered or printed!
5. Adding a Watermark to Secure a PDF
To further protect your PDFs, add a watermark to indicate confidentiality.
Example: Add a Text Watermark
class WatermarkedPDF extends TCPDF {
function Header() {
$this->SetFont('Arial', 'B', 50);
$this->SetTextColor(200, 200, 200);
$this->Rotate(45, 60, 60);
$this->Text(30, 210, 'CONFIDENTIAL');
$this->Rotate(0);
}
}
$pdf = new WatermarkedPDF();
$pdf->AddPage();
$pdf->SetFont('helvetica', '', 12);
$pdf->Cell(0, 10, 'This document contains a watermark.', 0, 1, 'C');
$pdf->Output('watermarked.pdf', 'F');
echo "Watermarked PDF created!";
✅ Text watermark prevents unauthorized distribution.
✅ Rotate() places text diagonally for visibility.
🔹 Ideal for securing sensitive business or financial documents.
6. Automatically Secure PDFs on File Upload
To automate PDF security, apply encryption when users upload files.
Example: Encrypt PDFs Upon Upload
if ($_FILES['pdf']['error'] == 0) {
$uploadDir = "uploads/";
$pdfPath = $uploadDir . basename($_FILES['pdf']['name']);
if (move_uploaded_file($_FILES['pdf']['tmp_name'], $pdfPath)) {
encryptPDF($pdfPath, "secured_".$pdfPath);
echo "PDF uploaded and secured!";
} else {
echo "Upload failed!";
}
}
function encryptPDF($source, $destination) {
$pdf = new TCPDF();
$pdf->setSourceFile($source);
$pdf->AddPage();
$tplIdx = $pdf->importPage(1);
$pdf->useTemplate($tplIdx);
$pdf->SetProtection(['modify', 'copy'], 'userpass', 'adminpass');
$pdf->Output($destination, 'F');
}
✅ Any uploaded PDF is encrypted before storage.
✅ Restricts modifications to protect document integrity.
7. Preventing Unauthorized Opening of a PDF
To block unauthorized users, apply a random password per user session.
Example: Assign Unique Password for Each User
$userPassword = md5($_SESSION['user_id']); // Generate a unique password
$pdf = new TCPDF();
$pdf->SetProtection([], $userPassword);
$pdf->Output('secure_user.pdf', 'F');
echo "PDF secured with a unique password!";
🔹 Now, only the intended recipient can open the PDF!
Best Practices for Securing PDFs in PHP
✔ Encrypt sensitive PDFs to prevent unauthorized access.
✔ Use password protection for confidential documents.
✔ Restrict editing, printing, and copying for security.
✔ Apply watermarks to prevent illegal distribution.
✔ Automate security during PDF upload and generation.
Conclusion
With TCPDF, you can encrypt, protect, and restrict PDF files in PHP to enhance security.
✅ Encrypt PDFs to prevent unauthorized access.
✅ Apply password protection for sensitive documents.
✅ Restrict printing, copying, and modifications.
✅ Add watermarks to mark confidential documents.
By implementing these security measures, you can ensure data protection and compliance in your PHP applications. 🚀