I believe I have to do what you do, but from your cryptic msg I've not been
able to figure it out.
We have a subscription site, and if a subscriber wants a PDF, the link
which requests it checks for a session cookie. If it's not set the user is
directed to a logon script which checks username/password against a
database and sets the session cookie if everything is OK. It automatically
redirects to the calling script, and because the session id is now present
the PDF can be accessed.
To my horror, I discovered on Friday that if I just type in the URL with
the name of the PDF it's delivered with no checking at all. I have to move
them to a safe place, either outside the web tree or to a directory
protected by htaccess. This is where I'm stuck.
If I use .htaccess, I don't want to maintain a separate .htaccess file in
addition to the subscriber table in the database. Can I set have my logon
script set an Apache variable that will give access to the protected
directory which store the PDf's?
Or do they have to be passed? If so how?
Would that mean that I'd need only one or a few username/password pairs in
Is htaccess (or Apache's security) somehow satisfied by setting the variables?
Regards - Miles Thompson
At 01:19 PM 10/19/2001 +0200, you wrote:
>I had the same problem a while ago.
>The only solution i found was to change the link to :
>test.pdf does not exist, but
>in /pdffile/ there is a .htaccess which redirects the 404 to the php
>script that reads/generates the pdfs. And for my purpose checks if user
>authorized to get these files.
<George's part is snipped, as it doesn't matter to me if the filename is
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]