Alan McDonald wrote:
I have files contained in a download directory (.doc, .xls etc files)
so I can't request authentication on each download from insie the files.
I use authentication against a DB for the rest of the site and all pages are
protected this way.
My only way to protect these download files is to place server
authentication on the folders they are contained in.
To avoid having to manage my users again as server users, does anyone know
how to set the HTTP_AUTHORIZATION variable at time of request?
I don't need high security, so the page setting the HTTP_AUTHORIZATION is
protected but does contain the username and pw couplet for the
HTTP_AUTHORIZATION setting.
There authorizations settings are supposed to be sent back to the server
by the client so you cannot generate them with php. Your option include
using .htpasswd that checks against a mysql database (please ask in the
apache list.) and keeping your downloads 'offline' and delivering them
through a php script. The second suggested has been discussed to
exaustion in this list in the past.
--
Raditha Dissanayake.
---------------------------------------------
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
