i'm pretty sure i read somewhere that is you use sessions php will not allow
an url that contains a path to a file typed in the address bar ...

may be wrong though ...

and apologies once again for the shopping cart debacle yesterday. some
poeple were complaining and rightly so. i received a dozen e-mails from the
two guys arguing at my works address, which was nice.



> -----Original Message-----
> From: Ron Brogden [mailto:[EMAIL PROTECTED]]
> Sent: 10 April 2001 19:57
> To: bryan; [EMAIL PROTECTED]; db
> Subject: Re: [PHP-DB] images
> 
> 
> At 11:48 AM 4/10/2001 -0800, bryan wrote:
> >Maybe there is a way to use .htaccess more appropriately,
> >but, this site allows guest / non-members, to buy something.
> >Once they buy something, they are given a username of
> >email, and password (they choose).  If they log back in, they
> >should have access to ONLY the files they purchased.
> 
> Easy enough.  Create a table that includes allowed download 
> file names 
> attached to a given user.  When the user logs in they are 
> given a list of 
> files they have permission to access.  The form does not send 
> the path but 
> the row *ID* of the entry from the SQL table.  When they choose the 
> appropriate link, the script looks it up in the database, 
> checks that the 
> user ID matches their authenticated one and if so uses 
> fread() to send out 
> the appropriate file.  Just include the appropriate MIME type 
> header and 
> that's that.
> 
> The .htaccess file should just be used to enforce access 
> solely via the PHP 
> script (i.e. deny from all).
> 
> Cheers,
> 
> Ron
> 
> --------------------------------------------------------------
> ---------------
> Island Net AMT Solutions Group Inc.          Telephone:       
>    250 383-0096
> 1412 Quadra                                  Toll Free:       
>  1 800 331-3055
> Victoria, B.C.                               Fax:             
>    250 383-6698
> V8W 2L1                                      E-Mail:    
> [EMAIL PROTECTED]
> Canada                                       WWW:   
http://www.islandnet.com/
----------------------------------------------------------------------------
-


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to