At 03:09 AM 4/5/2001 +0100, Mick Lloyd wrote:
>But how do I then protect the directories/scripts from anyone wanting to 
>have a look
>(not that they're worth much!).

Create a .htaccess file that contains the following:

deny from all

Place it in the directories you wish to protect.  Next, create a script 
which will pass through a given file to a user if certain conditions are 
met (there are a few functions that can help with this under file i/o in 
the PHP manual).

Be EXTREMELY careful on how you handle paths with this.  The best thing to 
do is to make the file requests based on an ID number (remember to force 
the value to an integer in your script) and then associate the "id" with an 
entry in the config file or database so people cannot call your script with 
arbitrary file names.  Make sure you catch the default case where the ID 
does not match a file too just in case.


Island Net AMT Solutions Group Inc.          Telephone:          250 383-0096
1412 Quadra                                  Toll Free:        1 800 331-3055
Victoria, B.C.                               Fax:                250 383-6698
V8W 2L1                                      E-Mail:    [EMAIL PROTECTED]
Canada                                       WWW:

PHP Database Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to