[TriLUG] a webmastering question
Z
zzd at contentdb.net
Tue Sep 16 20:34:30 EDT 2003
On Tuesday September 16 2003 07:26 pm, David R.Matusiak wrote:
> may be too simplistic for your needs, but what about putting the .doc
> files in a separate directory and then protecting that directory with
> a .htaccess file (simple authentication means built into apache)?
> anyone surfing to that directory would have to provide a
> username/password combo to get to the docs.
>
Or you could hire me to help you out :-)
Really, this is simple, once the user is authenticated, set a $_SESSION
flag so that the authenticated user is indeed authenticated, say
$_SESSION['auth'] = TRUE;
Place all secured files in a directory that the apache server has no
direct access to, perhaps, /var/www/secureDocs/, but anywhere outside
of the http root will do.
Then create all links to secure files through a PHP script such as
file.php?id=myFilename.doc. In that script you can do a simple 'if'
statement such as
if(isset($_SESSION['auth']) and $_SESSION['auth']){
//call the download routine
}else{
//present an unauthorized page
}
If authenticated, the script will read the file which will give you all
pertinent mime info information to send in the http headers before
sending the file to the browser, otherwise it will send the user to an
error page. There are a lot of good examples on the PHP web site, look
under 'file'.
z
More information about the TriLUG
mailing list