You still need to restrict the files from being served directly over http... this can be done via a .htaccess, or just stored outside the document root.
Then, you create a script called download.php, which INSN'T a html page -- it sets a content header, and passes a .zip file through itself to the user. Start by reading this article: http://www.zend.com/zend/trick/tricks-august-2001.php Cheers, Justin on 11/11/02 4:10 PM, James Taylor ([EMAIL PROTECTED]) wrote: > Ok, I have something like this set up: > > 1. User logs into site. Authenticates through a mysql table which basically > just has username/password columns. Session is set. > > 2. User goes through site looking for information he'd like to purchase > based on specific fields. After the gathering of information is done, a > script dumps the text into a CSV file and zips it. > > 3. The user then downloads the zip. > > What I can't figure out though, is in step number 3 - How do I secure this? > The filenames are randomly generated, but if someone felt like saving a few > bucks, they could write a program to try and brute force the guessing of > filenames. I need to somehow have an .htaccess type system, WITHOUT > .htaccess since the usernames are all just in a standard MySQL table. Any > suggestions? Store the file in a table blob? I can't really think of > anything. Thanks for your help. > Justin French -------------------- Creative Director http://Indent.com.au Web Developent & Graphic Design -------------------- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php