On Sat, 11 May 2002, Nick Wilson wrote:
> I've been asked to protect an area containing 'course material' (pdf's
> etc) and have just thought of a gaping hole in what I've done.
>
> I use a class to handle all the auth stuff and each page checks the
> value of $obj->logged_in :: No problem.
>
> but what if someone links to www.thesite/theProtectedArea/file.tar.gz
>
> that file cannot check if the downloader is logged in can it.

download.php:

<?php
// userIsAuthorized() is a placeholder for your own check,
// e.g. the $obj->logged_in flag from your auth class.
if (userIsAuthorized()) {
    header('Content-Type: application/x-gzip');
    readfile('secret-name-of-file.tar.gz');
    exit;
} else {
    print 'You are not authorized to download this file.';
}
?>

Season to taste with GET arguments such as an ID number or other hash
identifying which file to send.

miguel

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
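
The gateway approach from the reply above, extended with the GET-argument lookup it suggests. This is an added example, not code from the original thread. It assumes the files are stored in /srv/course-files (a hypothetical directory outside the web root, so there is no direct URL to link to), that your login code sets $_SESSION['logged_in'], and that the IDs and file names shown are constructed samples.

```php
<?php
// download.php?id=a1f3
// Added example. The directory, session key, IDs and file names are assumptions.

const FILE_DIR = '/srv/course-files'; // outside the document root

// Map a public ID to an allow-list entry, or null if the ID is unknown.
// The client never supplies a path, so "../" in the request has no effect.
function lookupFile($id)
{
    // Constructed sample catalogue: ID => file on disk, MIME type, download name.
    $files = [
        'a1f3' => ['disk' => 'week1-notes.pdf',   'type' => 'application/pdf',    'name' => 'week1.pdf'],
        'c9d0' => ['disk' => 'course-src.tar.gz', 'type' => 'application/x-gzip', 'name' => 'source.tar.gz'],
    ];
    if (!is_string($id)) {
        return null; // rejects missing values and id[]=... arrays
    }
    return $files[$id] ?? null;
}

session_start();

// Same decision as $obj->logged_in on the normal pages, made before any bytes are sent.
if (empty($_SESSION['logged_in'])) {
    http_response_code(403);
    exit('You are not authorized to download this file.');
}

$entry = lookupFile($_GET['id'] ?? null);
$path  = $entry === null ? null : FILE_DIR . '/' . $entry['disk'];

if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('No such file.');
}

header('Content-Type: ' . $entry['type']);
header('Content-Disposition: attachment; filename="' . $entry['name'] . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

If the files have to stay under the web root, deny direct requests to that directory in the web server configuration so the script is the only way to reach them.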