Re: [PHP-DB] images

Tue, 10 Apr 2001 11:27:17 -0700 

Maybe there is a way to use .htaccess more appropriately,
but, this site allows guest / non-members, to buy something.
Once they buy something, they are given a username of
email, and password (they choose).  If they log back in, they
should have access to ONLY the files they purchased.  So, 
I purchase 2001/jan/picc_set1/pic1.zip, then I have access
to all the file in 2001/jan/pic_set1/images/pic1.jpg, ""...pic2.jpg,
etc.  The only problem is, if I can get to that image, what would
stop me from doing 2001/jan/pic_set2/images/pic1.jpg, etc...?

I have only used .htaccess one way, and that is to password protect
a directory.  Maybe thats the only way to do this....
If I have 43 images in 1 directory, .htaccess wouldn't stop me from
typing in the direct path, would it?  

Thanks for your help and any more help with this issue
would be greatly appreciated.

bryan


----- Original Message ----- 
From: "John Huggins" <[EMAIL PROTECTED]>
To: "bryan" <[EMAIL PROTECTED]>; "db" <[EMAIL PROTECTED]>
Sent: Tuesday, April 10, 2001 10:31 AM
Subject: RE: [PHP-DB] images


> .htaccess
> 
> > -----Original Message-----
> > From: bryan [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, April 10, 2001 2:47 PM
> > To: db
> > Subject: [PHP-DB] images
> > 
> > 
> > Question:
> > 
> > Having problems with a site I am doing.
> > How can I stop a user from gaining access to images in 
> > a certain directory.  I have directory browsing turned
> > off, but in the instance someone buys something, if
> > the path to the image is 2001/apr/a1/image1.jpg, what
> > would stop someone from typing 2001/apr/a1/image2.jpg
> > or 2001/apr/a2/image1.jpg, and gaining access to all the
> > files?
> > 
> > If anyone has any guidance on this, I would appreciate
> > it!  
> > 
> > Thanks
> > bryan
> > 
> > 
> > [ bryan fitch . programmer . [EMAIL PROTECTED] ]
> > 
> > 
> > 
> > 
> 
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
> 


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to