You still need to restrict the files from being served directly over http...
this can be done via a .htaccess, or just stored outside the document root.

Then, you create a script called download.php, which INSN'T a html page --
it sets a content header, and passes a .zip file through itself to the user.

Start by reading this article:



on 11/11/02 4:10 PM, James Taylor ([EMAIL PROTECTED]) wrote:

> Ok, I have something like this set up:
> 1. User logs into site.  Authenticates through a mysql table which basically
> just has username/password columns. Session is set.
> 2. User goes through site looking for information he'd like to purchase
> based on specific fields.  After the gathering of information is done, a
> script dumps the text into a CSV file and zips it.
> 3. The user then downloads the zip.
> What I can't figure out though, is in step number 3 - How do I secure this?
> The filenames are randomly generated, but if someone felt like saving a few
> bucks, they could write a program to try and brute force the guessing of
> filenames.  I need to somehow have an .htaccess type system, WITHOUT
> .htaccess since the usernames are all just in a standard MySQL table.  Any
> suggestions?  Store the file in a table blob? I can't really think of
> anything.  Thanks for your help.

Justin French
Creative Director
Web Developent & 
Graphic Design

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to