If you have access to the Apache server why not set up auth-mysql as the
authentication method? It checks for authentication login/password pairs out
of MySQL.

mark C.

> -----Original Message-----
> From: Miles Thompson [mailto:[EMAIL PROTECTED]]
> Sebastian,
> I believe I have to do what you do, but from your cryptic msg
> I've not been
> able to figure it out.
> We have a subscription site, and if a subscriber wants a PDF, the link
> which requests it checks for a session cookie. If it's not set
> the user is
> directed to a logon script which checks username/password against a
> database and sets the session cookie if everything is OK. It
> automatically
> redirects to the calling script, and because the session id is
> now present
> the PDF can be accessed.
> To my horror, I discovered on Friday that if I just type in the URL with
> the name of the PDF it's delivered with no checking at all. I
> have to move
> them to a safe place, either outside the web tree or to a directory
> protected by htaccess. This is where I'm stuck.
> If I use .htaccess, I don't want to maintain a separate .htaccess file in
> addition to the subscriber table in the database. Can I set have my logon
> script set an Apache variable that will give access to the protected
> directory which store the PDf's?
> Or do they have to be passed? If so how?
> Would that mean that I'd need only one or a few username/password
> pairs in
> htaccess?
> or
> Is htaccess (or Apache's security) somehow satisfied by setting
> the variables?
> Regards - Miles Thompson
> At 01:19 PM 10/19/2001 +0200, you wrote:
> >Hi George
> >
> >I had the same problem a while ago.
> >The only solution i found was to change the link to :
> >www.blabla.com/pdffile/test.pdf
> >test.pdf does not exist, but
> >in /pdffile/ there is a .htaccess which redirects the 404 to the php
> >script that reads/generates the pdfs. And for my purpose checks if user
> >is
> >authorized to get these files.
> >
> >sebastian
> <George's part is snipped, as it doesn't matter to me if the filename is
> preserved.>

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to