> >I have files contained in a download directory (.doc, .xls etc files) > >so I can't request authentication on each download from insie the files. > >I use authentication against a DB for the rest of the site and all pages are > >protected this way. > >My only way to protect these download files is to place server > >authentication on the folders they are contained in. > > > >To avoid having to manage my users again as server users, does anyone know > >how to set the HTTP_AUTHORIZATION variable at time of request? > >I don't need high security, so the page setting the HTTP_AUTHORIZATION is > >protected but does contain the username and pw couplet for the > >HTTP_AUTHORIZATION setting. > > > > > There authorizations settings are supposed to be sent back to the server > by the client so you cannot generate them with php. Your option include > using .htpasswd that checks against a mysql database (please ask in the > apache list.) and keeping your downloads 'offline' and delivering them > through a php script. The second suggested has been discussed to > exaustion in this list in the past. > > -- > Raditha Dissanayake.
Thanks - I suppose I was thinking of building (via PHP) and client JS script to set the property at the client. But anyway the offline way is the answer - shold have thought of that. Alan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php