ailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 18, 2002 5:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] How do I hide download link ...
>
> Hi, if using the header command for attaching a file really prevents
the
> user from seeing the actual download link, is it really all that
ansfer-Encoding: binary");
Header("File-Length: $fsize");
Header("Content-Disposition: attachment; filename=$fname");
echo $buff;
-Original Message-
From: Lazor, Ed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 19, 2002 8:59 AM
To: 'Martin Towell
#x27;s site to see what hidden things I can find
:)
But it's up to you where you ultimately put it
-Original Message-
From: Fargo Lee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 19, 2002 7:04 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] How do I hide download link ...
x27;Fargo Lee'; [EMAIL PROTECTED]
> Subject: RE: [PHP] How do I hide download link ...
>
>
> Have a page that checks the user's authentication
>
> if they're "invalid" then display an error msg and exit the script
>
> otherwise, send the header comm
ependent on the
> types
> > of files your offering, but you should get the idea.
> >
> > Adapt to your needs, but this is the basics of it. Check for a valid
> > session, if it exists, send appropriate headers and use passthru() to
send
> > the file. (you can us
Hi, if using the header command for attaching a file really prevents the
user from seeing the actual download link, is it really all that important
that the file is read from behind the document root if it is in a very hard
to guess directory?
"Martin Towell" <[EMAIL PROTECTED]> wrote in message
ffering, but you should get the idea.
>
> Adapt to your needs, but this is the basics of it. Check for a valid
> session, if it exists, send appropriate headers and use passthru() to send
> the file. (you can use file(), fopen(), whatever, as long as you send the
> content of the file af
on 19/06/02 12:27 AM, 1LT John W. Holmes ([EMAIL PROTECTED]) wrote:
> I thought we answered this question already!
Hehe yup -- a different thread that I started :)
Justin French
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
content of the file after the headers...). If session doesn't match up, send
an HTML page.
Hopefully this thread will die now...
---John Holmes...
- Original Message -
From: "Nathan Taylor" <[EMAIL PROTECTED]>
To: "Fargo Lee" <[EMAIL PROTECTED]>
Cc:
ssage-
> From: Nathan Taylor [mailto:[EMAIL PROTECTED]]
> Sent: 18 June 2002 11:33 AM
> To: Bret L Conard; [EMAIL PROTECTED]
> Subject: Re: [PHP] How do I hide download link ...
>
>
> > if (!session_is_registered("SESSION")){
> > print (&qu
e 2002 11:33 AM
> To: Bret L Conard; [EMAIL PROTECTED]
> Subject: Re: [PHP] How do I hide download link ...
>
>
> > if (!session_is_registered("SESSION")){
> > print ("You must Log-In to access this page\n");
> > print (&qu
physical file. If a user for some
reason desires to leak the actual link then there could be a problem. This
is why he probably should change the physical file data.
- Original Message -
From: "Bret L Conard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday,
Start a session on the sign in page, and check for the session before
displaying the page with the link. The it does not matter if the link page
URL is distributed. In my situation;
1. Sign in page goes to a validation script.
2. Check for form fields. (1st of Nested loops)
if (isset($form
I don't believe it is possible to hide the physical link but it is plausibly
easy enough to write a script that randomly changes the file name and
location. Here's some psuedo code to get you started:
//Step 1: Locate the file
$query = "select * from file_locations where file_name='secure.zip'";
- Original Message -
From: "Fargo Lee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 4:14 PM
Subject: [PHP] How do I hide download link ...
> Hi, my customers go through a password authentication to access a link on
my
> site to download a file. I want to pr
15 matches
Mail list logo
