I am about at my wits end trying to find a good solution to this problem. I've asked various portions of this question to this mail list and still have not found exactly what it is I am looking for, but here it goes.
I'm looking for a way to protect my files (this would be pdf files, image files, etc...other things then text/php files) so that for someone to see a current file they will have to enter in their email address and name. Seems fairly simple, and yet I can not figure out how to do it. I've been told of the following alternatives:
Protect the files with HTTP auth (basic, or use SSL if very paranoid), then, after entering the info into a database:
1. just link to http://username:[EMAIL PROTECTED]/protect/file.pdf (either directly using html, or use headers). The problem: if using HTML, the username & password is easily seen. If using headers, this does not work (it is not seen as a PDF file) - my best guess is that the auth headers get passed along and so it does not work. Of course, I can load a PDF using headers if the file is not in a protected directory without any problems at all. But then again it wouldn't be protected to begin with.
1.b. It was later suggested that I could link to http://username:[EMAIL PROTECTED]/protect/file.pdf and use an apache rewrite statement to change every protected file to exclude the username & password. But I've posted to an apache group and they have said that this CAN NOT be done.
2. link to something outside of my httpdocs directory. Unfortunately, I am on a shared server and do not have a private folder (or at least my _private directory which is contained with httpdocs will not work - I get the same problem that I do with authentication - it does not recognize the file as a PDF at all).
3. use a prebuilt class (such as snoopy or Emanuel Lemos). This looks as though it is the only option available to me at this time, but It doesn't look as though it as a good one as it will add a lot of code to something that seems as though it should be VERY simple, and it means that I will have to go through the documentation to use this.
If anyone has any ideas it will be much appreciated.
Scott Taylor
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
