You could have your authorization info in the mysql db including file locations that are stored along with the authorization level necessary to download them. If the person is authenticated to download the file, the php script uses the file location info from the db to open the file and generate the headers necessary to start the download. This way the end user never has to have direct access to the download directory and you don't have to copy the file into a temporary directory.
Larry -----Original Message----- From: news.php.net [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 2:13 PM To: [EMAIL PROTECTED] Subject: [PHP] How do I protect downloadable files? Hello, I have wrtten a PHP based web site with a MySql backend and now I want to password protect downloadable files. I have logon and session handling taken care of but I can't figure out how to only allowed those who are currently logged in and above a certain security level to access the downloadable content and prevent bookmarking of the file location for redownloading. Currently I have a .htaccess file to protect the files but then you need to enter a User ID and password a second time. I would prefer a single signon solution. I have considered copying the files to a temporary area each time someone wants to download it and then erase it when the session is killed but these files can be large (20-100 mb) and I would rather not do all of that copying if possible. Creating unique symlinks would be easier but my development machine is Windows and my server is FreeBSD and I can't create file links under Windows. Plus, my FreeBSD server is not near me so remote development is difficult. Thanks to anyone with any ideas, Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
