i'm pretty sure i read somewhere that is you use sessions php will not allow
an url that contains a path to a file typed in the address bar ...
may be wrong though ...
and apologies once again for the shopping cart debacle yesterday. some
poeple were complaining and rightly so. i received a dozen e-mails from the
two guys arguing at my works address, which was nice.
> -----Original Message-----
> From: Ron Brogden [mailto:[EMAIL PROTECTED]]
> Sent: 10 April 2001 19:57
> To: bryan; [EMAIL PROTECTED]; db
> Subject: Re: [PHP-DB] images
>
>
> At 11:48 AM 4/10/2001 -0800, bryan wrote:
> >Maybe there is a way to use .htaccess more appropriately,
> >but, this site allows guest / non-members, to buy something.
> >Once they buy something, they are given a username of
> >email, and password (they choose). If they log back in, they
> >should have access to ONLY the files they purchased.
>
> Easy enough. Create a table that includes allowed download
> file names
> attached to a given user. When the user logs in they are
> given a list of
> files they have permission to access. The form does not send
> the path but
> the row *ID* of the entry from the SQL table. When they choose the
> appropriate link, the script looks it up in the database,
> checks that the
> user ID matches their authenticated one and if so uses
> fread() to send out
> the appropriate file. Just include the appropriate MIME type
> header and
> that's that.
>
> The .htaccess file should just be used to enforce access
> solely via the PHP
> script (i.e. deny from all).
>
> Cheers,
>
> Ron
>
> --------------------------------------------------------------
> ---------------
> Island Net AMT Solutions Group Inc. Telephone:
> 250 383-0096
> 1412 Quadra Toll Free:
> 1 800 331-3055
> Victoria, B.C. Fax:
> 250 383-6698
> V8W 2L1 E-Mail:
> [EMAIL PROTECTED]
> Canada WWW:
http://www.islandnet.com/
----------------------------------------------------------------------------
-
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]