Maybe there is a way to use .htaccess more appropriately,
but, this site allows guest / non-members, to buy something.
Once they buy something, they are given a username of
email, and password (they choose). If they log back in, they
should have access to ONLY the files they purchased. So,
I purchase 2001/jan/picc_set1/pic1.zip, then I have access
to all the file in 2001/jan/pic_set1/images/pic1.jpg, ""...pic2.jpg,
etc. The only problem is, if I can get to that image, what would
stop me from doing 2001/jan/pic_set2/images/pic1.jpg, etc...?
I have only used .htaccess one way, and that is to password protect
a directory. Maybe thats the only way to do this....
If I have 43 images in 1 directory, .htaccess wouldn't stop me from
typing in the direct path, would it?
Thanks for your help and any more help with this issue
would be greatly appreciated.
bryan
----- Original Message -----
From: "John Huggins" <[EMAIL PROTECTED]>
To: "bryan" <[EMAIL PROTECTED]>; "db" <[EMAIL PROTECTED]>
Sent: Tuesday, April 10, 2001 10:31 AM
Subject: RE: [PHP-DB] images
> .htaccess
>
> > -----Original Message-----
> > From: bryan [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, April 10, 2001 2:47 PM
> > To: db
> > Subject: [PHP-DB] images
> >
> >
> > Question:
> >
> > Having problems with a site I am doing.
> > How can I stop a user from gaining access to images in
> > a certain directory. I have directory browsing turned
> > off, but in the instance someone buys something, if
> > the path to the image is 2001/apr/a1/image1.jpg, what
> > would stop someone from typing 2001/apr/a1/image2.jpg
> > or 2001/apr/a2/image1.jpg, and gaining access to all the
> > files?
> >
> > If anyone has any guidance on this, I would appreciate
> > it!
> >
> > Thanks
> > bryan
> >
> >
> > [ bryan fitch . programmer . [EMAIL PROTECTED] ]
> >
> >
> >
> >
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]