On Sun, 18 Jul 2004 05:25:54 +0000, dave wrote:
Hello,
I've got a situation where i have a directory called "example". In this
area i have three files, an index page that has a form on it in to which
user's can authenticate, a page displaying either success or failure and if
success redirects to a downloadable file. I don't want this downloadable
file to be had by a direct url access, user's should have to authenticate to
get it. I want to use php4 for this and if possible since this is a
lightweight requirement i don't want to implement a database solution. Any
pointers or howtos appreciated.
Thanks.
Dave.
Drop the directory outside of the Web root so that it can't be accessed
via a URL and use the readfile() and header() functions to serve the file.
A quick and dirty example (please note the lack of security / validation
in the example code):
foo.com/download?file=bar.zip
<?php
if (strlen($_GET['file']) > 0) {
if (file_exists(dirname(__FILE__) . '/../' . $_GET['file']) and
is_readable(dirname(__FILE__) . '/../' . $_GET['file'])
) {
header('Content-type: application/zip');
readfile(dirname(__FILE__) . '/../' . $_GET['file']);
exit;
} else {
die('Cannot serve file.');
}
}
?>
Your "authentication" is obviously done separately.
The other solution is to obviously use .htaccess control and not use PHP
at all =)
HTH.
Regards,
Ian
--
Ian.H
digiServ Network
London, UK
http://digiserv.net/