On Wednesday 21 August 2002 10:54, Roger Lewis wrote:
> I did, but like I said, I couldn't find much. Maybe I wasn't using the > correct key words. There is a lot about protecting php and html files but > not much on other, non-php files in external directories. There is some > discussion about .htaccess, but I know nothing about this. Is that the way > to do it, or can it be done with php. Justin French, Tuesday, August 20, 2002 10:40 PM > In real short, you want to store the files outside your htdocs root (so they > can't be served by http), OR restrict them from being served by using a > htaccess file (try an apache list, the apache site, or your ISP sys admin). > Then, you want to serve those files THROUGH a PHP script. Usually these > scripts will: > - authenticate a user > - set the right mime-type header for the file type using header() > - parse the requested file though the PHP script to the browser > There were a few recent threads on this... search for the following subject > lines in the archives: > - Authenticate files downloads > - secure files acess > Finally, there is a decent script/article/tutorial on the Zend site (another > place you should have looked), which is the basis for my code at the moment. > http://www.zend.com/zend/trick/tricks-august-2001.php Well, I originally searched for "protect file downloads". I also searched "protect individual files", "protect files", "authenticate files", and on and on. There are thousands of messages, but very few with relevant titles or content. One point to consider: I have no control over the files themselves. They are being uploaded to the document directories by end users, so I do not know the file names. What I am trying to do is prevent someone who knows the path to the file from being able to gain access to it without authorization. One of the best ideas I saw was to put the files outside the web root directory. That sounded pretty good until I discovered that then I couldn't access the files. Now you've again pointed out that solution, so I'm sure it will work. I've just got to study up on the subject. I ran across the Zend article a couple of weeks ago, but it's going to take me awhile to understand it. I'm pretty new at this game, and my programming skills are very limited. I'm going to research .htaccess also. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php