I have files contained in a download directory (.doc, .xls etc files)
so I can't request authentication on each download from insie the files.
I use authentication against a DB for the rest of the site and all pages are
protected this way.
My only way to protect these download files is to place server
authentication on the folders they are contained in.
To avoid having to manage my users again as server users, does anyone know
how to set the HTTP_AUTHORIZATION variable at time of request?
I don't need high security, so the page setting the HTTP_AUTHORIZATION is
protected but does contain the username and pw couplet for the
HTTP_AUTHORIZATION setting.
Anyone know how? I know we stamped out URL methods of passing username and
pasword couplets but maybe there's another way?
This doesn't work
$_SERVER['HTTP_AUTHORIZATION'] = "Basic
".base64_encode("username:password");
because you can't appear to set this variable, only the server can set it
after it receives a
header('WWW-Authenticate: Basic realm="Test Authentication System"');
header.
thanks
Alan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
