At 03:09 AM 4/5/2001 +0100, Mick Lloyd wrote:
>But how do I then protect the directories/scripts from anyone wanting to
>have a look
>(not that they're worth much!).
Create a .htaccess file that contains the following:
deny from all
Place it in the directories you wish to protect. Next, create a script
which will pass through a given file to a user if certain conditions are
met (there are a few functions that can help with this under file i/o in
the PHP manual).
Be EXTREMELY careful on how you handle paths with this. The best thing to
do is to make the file requests based on an ID number (remember to force
the value to an integer in your script) and then associate the "id" with an
entry in the config file or database so people cannot call your script with
arbitrary file names. Make sure you catch the default case where the ID
does not match a file too just in case.
Cheers
-----------------------------------------------------------------------------
Island Net AMT Solutions Group Inc. Telephone: 250 383-0096
1412 Quadra Toll Free: 1 800 331-3055
Victoria, B.C. Fax: 250 383-6698
V8W 2L1 E-Mail: [EMAIL PROTECTED]
Canada WWW: http://www.islandnet.com/
-----------------------------------------------------------------------------
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
