I haven't been able to find much on this subject in the archives.

Using sessions I have been able to have the server validate the user's
access level before serving him a page.   I put include files on each page
that I want authenticated.  This is all well and good, except on my pages
there are links to non-html, and non-php files that are stored in document
directories on the server.

How, on a file-by-file basis, do I ensure that the user is authorized to
download these files?  If he gets to them through the link I provide, this
is acceptable because he is already authorized to view the page that the
link is on.  However, if he somehow knows the full path to the file, he can
get to it directly, bypassing the link and overriding the authentication

Thanks for any help on this question.

Roger Lewis

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to