At 11:48 AM 4/10/2001 -0800, bryan wrote:
>Maybe there is a way to use .htaccess more appropriately,
>but, this site allows guest / non-members, to buy something.
>Once they buy something, they are given a username of
>email, and password (they choose).  If they log back in, they
>should have access to ONLY the files they purchased.

Easy enough.  Create a table that includes allowed download file names 
attached to a given user.  When the user logs in they are given a list of 
files they have permission to access.  The form does not send the path but 
the row *ID* of the entry from the SQL table.  When they choose the 
appropriate link, the script looks it up in the database, checks that the 
user ID matches their authenticated one and if so uses fread() to send out 
the appropriate file.  Just include the appropriate MIME type header and 
that's that.

The .htaccess file should just be used to enforce access solely via the PHP 
script (i.e. deny from all).

Cheers,

Ron

-----------------------------------------------------------------------------
Island Net AMT Solutions Group Inc.          Telephone:          250 383-0096
1412 Quadra                                  Toll Free:        1 800 331-3055
Victoria, B.C.                               Fax:                250 383-6698
V8W 2L1                                      E-Mail:    [EMAIL PROTECTED]
Canada                                       WWW:   http://www.islandnet.com/
-----------------------------------------------------------------------------


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
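
The lookup described in the reply above, as an added example that is not part of the original message: the link carries only the row ID, and the query must match both that ID and the authenticated user's ID before anything is read from disk. The table and column names, DOWNLOAD_DIR, and the SQLite demo data (which needs the pdo_sqlite extension) are assumptions; on the real site $userId would come from the login session, never from the request.

```php
<?php
declare(strict_types=1);

// Assumed location, protected by the "deny from all" .htaccess rule.
const DOWNLOAD_DIR = '/var/www/private/downloads';

/** Return the purchase row only if it belongs to $userId, otherwise null. */
function find_purchase(PDO $db, int $userId, int $rowId): ?array
{
    // Ownership is checked in the same query as the lookup, so a row ID
    // guessed by another user simply matches nothing.
    $stmt = $db->prepare(
        'SELECT file_name, mime_type FROM purchases WHERE id = ? AND user_id = ?'
    );
    $stmt->execute([$rowId, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Stream the file behind $rowId to the client if $userId purchased it. */
function send_purchase(PDO $db, int $userId, int $rowId): void
{
    $row = find_purchase($db, $userId, $rowId);
    // basename() keeps a bad table entry from pointing outside DOWNLOAD_DIR.
    $path = $row ? DOWNLOAD_DIR . '/' . basename($row['file_name']) : null;
    $fh = ($path !== null && is_file($path)) ? fopen($path, 'rb') : false;
    if ($fh === false) {
        http_response_code(404); // same answer for "not yours" and "no such row"
        return;
    }
    header('Content-Type: ' . $row['mime_type']);
    header('Content-Length: ' . (string) filesize($path));
    while (!feof($fh)) {
        echo fread($fh, 8192); // send in chunks instead of loading the whole file
    }
    fclose($fh);
}

// Constructed demo data, run from the command line only.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE purchases (id INTEGER PRIMARY KEY, user_id INTEGER,
               file_name TEXT, mime_type TEXT)');
    $db->exec("INSERT INTO purchases VALUES (1, 10, 'guide.pdf', 'application/pdf'),
               (2, 11, 'album.zip', 'application/zip')");
    var_dump(find_purchase($db, 10, 1) !== null); // user 10 asks for their own row
    var_dump(find_purchase($db, 10, 2) === null); // user 10 asks for user 11's row
}
```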
