Sebastian, I believe I have to do what you do, but from your cryptic msg I've not been able to figure it out.
We have a subscription site, and if a subscriber wants a PDF, the link which requests it checks for a session cookie. If it's not set the user is directed to a logon script which checks username/password against a database and sets the session cookie if everything is OK. It automatically redirects to the calling script, and because the session id is now present the PDF can be accessed. To my horror, I discovered on Friday that if I just type in the URL with the name of the PDF it's delivered with no checking at all. I have to move them to a safe place, either outside the web tree or to a directory protected by htaccess. This is where I'm stuck. If I use .htaccess, I don't want to maintain a separate .htaccess file in addition to the subscriber table in the database. Can I set have my logon script set an Apache variable that will give access to the protected directory which store the PDf's? Or do they have to be passed? If so how? Would that mean that I'd need only one or a few username/password pairs in htaccess? or Is htaccess (or Apache's security) somehow satisfied by setting the variables? Regards - Miles Thompson At 01:19 PM 10/19/2001 +0200, you wrote: >Hi George > >I had the same problem a while ago. >The only solution i found was to change the link to : >www.blabla.com/pdffile/test.pdf >test.pdf does not exist, but >in /pdffile/ there is a .htaccess which redirects the 404 to the php >script that reads/generates the pdfs. And for my purpose checks if user >is >authorized to get these files. > >sebastian <George's part is snipped, as it doesn't matter to me if the filename is preserved.> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
