It seems like there ought to be an easy and obvious way but I haven't found it yet. The site is running on Debian GNU/Linux, with Apache 1.3.27 and PHP/4.3.
I can make a few steps toward the goal:
. I can use sessions with PHP, and thereby allow only authenticated users beyond a certain point in any PHP script.
. I can put .doc files on the server and open them just fine. On my Windows computer both Netscape and IE do the right thing, opening the file in MS Word.
. I can serve a .doc file to an authenticated user with the PHP virtual() function.
But every way that I have thought of so far has this weakness: an unauthenticated user could load the .doc file directly, without going through my PHP script, if that user happened to learn the URL of the .doc file. My PHP scripts do not seem to have any more permissions to access files than the permissions which are granted to any browser.
Any suggestions?
Thanks, Rich Hammer
P.S. have a good hurricane!
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
