If you don't tell anyone what the secret path is, it's as good as a password.
miguel On Sat, 11 May 2002, John Holmes wrote: > Store your files outside of the webroot if you use this method. Then > they can't type in the address directly (otherwise this doesn't fix > anything). > > ---John Holmes... > > > -----Original Message----- > > From: Miguel Cruz [mailto:[EMAIL PROTECTED]] > > Sent: Saturday, May 11, 2002 2:23 AM > > To: PHP-General > > Subject: Re: [PHP] protecting downloads with php > > > > download.php: > > > > <? > > > > if (userIsAuthorized) > > { > > header('Content-Type: application/x-gzip'); > > readfile('secret-name-of-file.tar.gz'); > > exit; > > } > > else > > { > > print 'You are not authorized to download this file.'; > > } > > > > ?> > > > > Season to taste with GET arguments such as an ID number or other hash > > identifying which file to send. > > > > miguel > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
