On Sat, 11 May 2002, Nick Wilson wrote:
> I've been asked to protect an area containing 'course material' (pdf's
> etc) and have just thought of a gaping hole in what I've done.
> I use an class to handle all the auth stuff and each page checks the
> value of $obj->logged_in :: No problem.
> but what if someone links to www.thesite/theProtectedArea/file.tar.gz
> that file cannot check if the downloader is logged in can it.



  if (userIsAuthorized)
     header('Content-Type: application/x-gzip');
     print 'You are not authorized to download this file.';


Season to taste with GET arguments such as an ID number or other hash
identifying which file to send.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to