Re: [PHP] Re: alternative to protecting files through http auth.
Subject: Re: [PHP] Re: alternative to protecting files through http auth. From: Jason Wong [EMAIL PROTECTED] Date: Sat, 17 Jan 2004 05:08:29 +0800 To: [EMAIL PROTECTED] On Saturday 17 January 2004 04:03, Scott Taylor wrote: Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. It actually does not work. Could you explain what, exactly, does not work? I am trying to load a PDF file. I've tried to load it from a protected directory loading it with headers, but this fails if the protection is on. Does this make sense to you? The above outlines a scheme which is workable. Could you describe the steps you took to implement said scheme which lead you to the conclusion that It actually does not work ? Yes, sorry. Here is the code: $file = 'http://miningstocks.com/protected/archive/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file)); readfile($file); I can send the rest if necessary. You can see the results yourself of this: http://miningstocks.com/enteremail.php (just enter [EMAIL PROTECTED] for an email address). Yet, when I have changed the $file to hold a path that is not protected through http auth. it works perfectly fine and loads the file. Best Regards, Scott -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: alternative to protecting files through http auth.
On 18 [EMAIL PROTECTED] 2004 01:59, Scott Taylor wrote: Yes, sorry. Here is the code: $file = 'http://miningstocks.com/protected/archive/Dec03PostPress.pdf'; //now view the PDF file header(Content-Type: application/pdf); header(Accept-Ranges: bytes); header(Content-Length: .filesize($file)); readfile($file); I can send the rest if necessary. You're telling PHP to get the file using HTTP, thus subjecting it to Apache's protection mechanism. You need to get the file via the filesystem: readfile('/local/path/to/file.pdf'); -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* The absence of labels [in ECL] is probably a good thing. -- T. Cheatham */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to protecting files through http auth.
Paul Chvostek wrote: On Wed, Jan 14, 2004 at 04:17:06PM -0500, Scott Taylor wrote: Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? Put the files in a directory somewhere outside the DocumentRoot of the web site in which the PHP code lives. Have the PHP code do whatever authentication you want (even if it's just collecting an email address), and upon success, use file() or readfile() or include() or file_get_contents() or equivalent to pull the file contents from their location on the server. Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. It actually does not work. I am trying to load a PDF file. I've tried to load it from a protected directory loading it with headers, but this fails if the protection is on. Does this make sense to you? Unfortunately, I do not have access to the .htaccess file (I am on a shared server where I am not the administrator) and I can not store documents outside of my http document directory. Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: alternative to protecting files through http auth.
On Saturday 17 January 2004 04:03, Scott Taylor wrote: Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. It actually does not work. Could you explain what, exactly, does not work? I am trying to load a PDF file. I've tried to load it from a protected directory loading it with headers, but this fails if the protection is on. Does this make sense to you? The above outlines a scheme which is workable. Could you describe the steps you took to implement said scheme which lead you to the conclusion that It actually does not work ? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* It is not good for a man to be without knowledge, and he who makes haste with his feet misses his way. -- Proverbs 19:2 */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to protecting files through http auth.
On Wed, Jan 14, 2004 at 04:17:06PM -0500, Scott Taylor wrote: Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? Put the files in a directory somewhere outside the DocumentRoot of the web site in which the PHP code lives. Have the PHP code do whatever authentication you want (even if it's just collecting an email address), and upon success, use file() or readfile() or include() or file_get_contents() or equivalent to pull the file contents from their location on the server. Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. -- Paul Chvostek [EMAIL PROTECTED] it.canadahttp://www.it.ca/ Free PHP web hosting!http://www.it.ca/web/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to protecting files through http auth.
there has been a discussion in this group recently about URL re-writing (see URL rewriting...anybody done this? and replies) That is a possibility, using a combination of URL Re-Writing PHP Sessions/Cookies And the Location: header So all requests go back to the index, then you decide from the index.php page if they have to be redirected, or if they are already logged in, or if they dont have permission That might work -- Luke Scott Taylor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? I could just use http://username:password/test.com/test.jpg method, but then what would be the point of trying to protect the files in the first place? It would simply be the same as with holding the link to begin with. So is there an alternative to using http basic authentication to protect files? Or is there a simple way to authenticate the pages themselves without using something like Manuel Lemos' PHP HTTP class? Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: alternative to protecting files through http auth.
Paul Chvostek wrote: On Wed, Jan 14, 2004 at 04:17:06PM -0500, Scott Taylor wrote: Is there no other way to protect your (non PHP) files than through authentication? I've been trying to set up a system that will protect files. Those trying to access the files would only be able to do so after entering their email address. So I set up a form that submits the email to my database. But then the problem is: how to access the files? Put the files in a directory somewhere outside the DocumentRoot of the web site in which the PHP code lives. Have the PHP code do whatever authentication you want (even if it's just collecting an email address), and upon success, use file() or readfile() or include() or file_get_contents() or equivalent to pull the file contents from their location on the server. Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. Thank you very much. That is exactly what I was looking for. Best Regards, Scott Taylor -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php