I believe I have to do what you do, but from your cryptic msg I've not been 
able to figure it out.

We have a subscription site, and if a subscriber wants a PDF, the link 
which requests it checks for a session cookie. If it's not set the user is 
directed to a logon script which checks username/password against a 
database and sets the session cookie if everything is OK. It automatically 
redirects to the calling script, and because the session id is now present 
the PDF can be accessed.

To my horror, I discovered on Friday that if I just type in the URL with 
the name of the PDF it's delivered with no checking at all. I have to move 
them to a safe place, either outside the web tree or to a directory 
protected by htaccess. This is where I'm stuck.

If I use .htaccess, I don't want to maintain a separate .htaccess file in 
addition to the subscriber table in the database. Can I set have my logon 
script set an Apache variable that will give access to the protected 
directory which store the PDf's?

Or do they have to be passed? If so how?

Would that mean that I'd need only one or a few username/password pairs in 
Is htaccess (or Apache's security) somehow satisfied by setting the variables?

Regards - Miles Thompson

At 01:19 PM 10/19/2001 +0200, you wrote:
>Hi George
>I had the same problem a while ago.
>The only solution i found was to change the link to :
>test.pdf does not exist, but
>in /pdffile/ there is a .htaccess which redirects the 404 to the php
>script that reads/generates the pdfs. And for my purpose checks if user
>authorized to get these files.
<George's part is snipped, as it doesn't matter to me if the filename is 

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to