If you have access to the Apache server why not set up auth-mysql as the authentication method? It checks for authentication login/password pairs out of MySQL.
mark C. > -----Original Message----- > From: Miles Thompson [mailto:[EMAIL PROTECTED]] > Sebastian, > > I believe I have to do what you do, but from your cryptic msg > I've not been > able to figure it out. > > We have a subscription site, and if a subscriber wants a PDF, the link > which requests it checks for a session cookie. If it's not set > the user is > directed to a logon script which checks username/password against a > database and sets the session cookie if everything is OK. It > automatically > redirects to the calling script, and because the session id is > now present > the PDF can be accessed. > > To my horror, I discovered on Friday that if I just type in the URL with > the name of the PDF it's delivered with no checking at all. I > have to move > them to a safe place, either outside the web tree or to a directory > protected by htaccess. This is where I'm stuck. > > If I use .htaccess, I don't want to maintain a separate .htaccess file in > addition to the subscriber table in the database. Can I set have my logon > script set an Apache variable that will give access to the protected > directory which store the PDf's? > > Or do they have to be passed? If so how? > > Would that mean that I'd need only one or a few username/password > pairs in > htaccess? > or > Is htaccess (or Apache's security) somehow satisfied by setting > the variables? > > Regards - Miles Thompson > > At 01:19 PM 10/19/2001 +0200, you wrote: > >Hi George > > > >I had the same problem a while ago. > >The only solution i found was to change the link to : > >www.blabla.com/pdffile/test.pdf > >test.pdf does not exist, but > >in /pdffile/ there is a .htaccess which redirects the 404 to the php > >script that reads/generates the pdfs. And for my purpose checks if user > >is > >authorized to get these files. > > > >sebastian > <George's part is snipped, as it doesn't matter to me if the filename is > preserved.> > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]