Hi, What if the user tries to download the file thru DAP or any other download tool? Can we restric even that...?
Regards, Guru. =============================== "Cristian Marin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I think you want the user to browse thru the directories and download a > file. > In this case the only way I see this resolving is to make your own index > list of files. You can create a index.php in every directory the user can > see in which you can do something like: > > <?php > require_once('/auth_user.php'); > // About the auth_user.php I discused in the earlier post > $path_back="../"; > > function getFileList(){ > ... > return $fileList; > } > > $files=getFileList(); > > echo "<a href='".$path_back."'>..</a>" > > for ($i=0; $i<sizeof($files);$i++){ > echo <a href='".$files[$i]."'>".$files[$i]."</a><br>" > } > > ?> > Torn the navigation thru directories off. > The only impediment is the fact that you cannot restrict this way the user > to access directly a file if he already getted once. > > If you really want to do that you may try this approach but instead of > scanning the files in the directory to have the files, keep the files else > where and submit the links when the user try to download one to another php > file which get them for you if the user was authenticated. The getter should > look like this: > > <?php > require_once("/auth_user.php"); > > function getRealPath($theRelativePath){ > return "../a_new_path_added_to_relative_path".$theRelativePath; > } > if(isset($HTTP_GET_VARS['path'])){ > header("Location:".getRealPath($HTTP_GET_VARS['path'])); > }else{ > header("Location:/index.php"); > } > ?> > > Hope this helps > -- > ------------------------------------------------- > Cristian MARIN - Developer > InterAKT Online (www.interakt.ro) > Tel: +4021 312.53.12 > Tel/Fax: +4021 312.51.91 > [EMAIL PROTECTED] > "Guru P Chaturvedi" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi Cristian, > > > > Well what wanted to tell u is all the files that i wanna secure are kind > of > > Word Documents, PDFs, .EXEs which users can access. If i use .htaccess > files > > it works fine. But i want to provide a HTML login form. can u now explain > me > > how i can go about... ? > > > > Regards, > > Guru. > > > > > > > > "Cristian Marin" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > Create the authentication form which submit the page to a php ... there > > you > > > verify first if the user and password are ok then you make something > like > > > this: > > > > > > if ($username='ok' && $password='ok') > > > session_start(); > > > session_register('username'); > > > session_register('id_user'); > > > } > > > > > > after this in all protected pages you have to add in first line > something > > > like this: > > > <?php > > > > > > session_start(); > > > if (!isset($HTTP_SESSION_VARS['username'])){ > > > header("Location:login.php"); > > > } > > > > > > //the page code here > > > > > > ?> > > > You may even enter the session_start and if into a different page and on > > top > > > of every page to write : > > > <?php > > > require_once('verify_auth.php'); > > > > > > //the page code here > > > > > > ?> > > > and the user will be automatically redirected to the login page if is > not > > > logged in. > > > > > > If is not this the problem explain me what I have miss understood and I > > will > > > send you the exact code. Sorry, I don't have time to read all the > messages > > > in this topic. > > > > > > By > > > > > > -- > > > ------------------------------------------------- > > > Cristian MARIN - Developer > > > InterAKT Online (www.interakt.ro) > > > Tel: +4021 312.53.12 > > > Tel/Fax: +4021 312.51.91 > > > [EMAIL PROTECTED] > > > "Guru P Chaturvedi" <[EMAIL PROTECTED]> wrote in message > > > news:[EMAIL PROTECTED] > > > > Hi Neil, > > > > > > > > Well is it basically to collect user name and password from user? What > > > > actually i am looking for is skipping this screen and having the same > > > > functionality thru a HTML form. > > > > > > > > Lemme explain you in details... I have a set of files protected using > > the > > > > Auth Directives. So user's need to provide user name and password to > > > access > > > > these files via browser. Now what i am looking at is using HTML form > to > > > > login like Yahoo! or MSN... but users who login using this method only > > > > should be able to access files. Are there any ways of doing this... > > please > > > > help me out in this regard. > > > > > > > > Thanks in advance, > > > > Guru. > > > > > > > > "Neil Smith" <[EMAIL PROTECTED]> wrote in message > > > > news:[EMAIL PROTECTED] > > > > > Try this. Please note that on windows you *cannot* raise a http auth > > box > > > > > this way (PHP_AUTH_USER is not defined for Apache on windows), so > you > > > will > > > > > need to use this on your live unix Apache/PHP server : > > > > > > > > > > function getUserAuthPW() { > > > > > // If present, set user Authenticate Password box values > > > > > global $_SERVER; > > > > > if (isset($_SERVER["PHP_AUTH_USER"])) { > > > > > > > > $username=safestring($_SERVER["PHP_AUTH_USER"]); > > > > > > > $password=safestring($_SERVER["PHP_AUTH_PW"]); > > > > > return true; > > > > > } else { > > > > > header("WWW-Authenticate: Basic > > > > > realm=\"CaptionKit\""); > > > > > header("HTTP/1.0 401 Unauthorized"); > > > > > echo "You must enter a valid login ID and > > > > password > > > > > to access this resource\n"; > > > > > exit; > > > > > } > > > > > } > > > > > > > > > > What this does is to check for PHP_AUTH_USER and if it's not > defined, > > > > > raises a 401 error. The client interprets this as a request to enter > > > user > > > > > name & password, and brings up the grey box you see using .htaccess > / > > > > > .htpasswd files. The function safestring just adds slashes if > there > > > are > > > > > characters which need escaping for your database (some people might > > just > > > > > 'addslashes()' but I do a little more first, like trim and > > > > htmlspecialchars). > > > > > > > > > > Cheers - Neil Smith. > > > > > > > > > > Please note : I do not accept email from hotmail, yahoo, AOL or msn > > > > > accounts. All such mail *will* be bounced and deleted without being > > > read. > > > > > Thankyou for your understanding. > > > > > > > > > > At 07:36 16/06/2003 +0000, you wrote: > > > > > >Message-ID: <[EMAIL PROTECTED]> > > > > > >To: [EMAIL PROTECTED] > > > > > >Reply-To: "Guru P Chaturvedi" <[EMAIL PROTECTED]> > > > > > >From: "Guru P Chaturvedi" <[EMAIL PROTECTED]> > > > > > >Date: Mon, 16 Jun 2003 01:16:53 +0530 > > > > > >Subject: Re: User Authentication... > > > > > >MIME-Version: 1.0 > > > > > > > > > > > >Hi, > > > > > > > > > > > >Any clues...please?! > > > > > > > > > > > > > > > > > > > > > > > > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
