At 11:48 AM 4/10/2001 -0800, bryan wrote:
>Maybe there is a way to use .htaccess more appropriately,
>but, this site allows guest / non-members, to buy something.
>Once they buy something, they are given a username of
>email, and password (they choose). If they log back in, they
>should have access to ONLY the files they purchased.
Easy enough. Create a table that includes allowed download file names
attached to a given user. When the user logs in they are given a list of
files they have permission to access. The form does not send the path but
the row *ID* of the entry from the SQL table. When they choose the
appropriate link, the script looks it up in the database, checks that the
user ID matches their authenticated one and if so uses fread() to send out
the appropriate file. Just include the appropriate MIME type header and
that's that.
The .htaccess file should just be used to enforce access solely via the PHP
script (i.e. deny from all).
Cheers,
Ron
-----------------------------------------------------------------------------
Island Net AMT Solutions Group Inc. Telephone: 250 383-0096
1412 Quadra Toll Free: 1 800 331-3055
Victoria, B.C. Fax: 250 383-6698
V8W 2L1 E-Mail: [EMAIL PROTECTED]
Canada WWW: http://www.islandnet.com/
-----------------------------------------------------------------------------
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]