An easier way to do it might be to use HTTP authentication with apache
using .htaccess and .htpasswd files, which can be placed in the secure
directories. (Or use one global .htpasswd file and have all .htaccess files
point to it.)
Another possibility would be to set up two PHP scripts, one being some
kind of form to enter a username, password, etc., and another to check the
input and act as a pass-thru for the file to be downloaded. The second
script could look something like this (obviously simplified):
if ($authenticated)
{
header("Content-type: whatever/text");
readfile($filename);
}
else
{
print "You can't download this."
}
Which you would call as something like:
http://www.example.com/path/download.php?filename=somefile.txt
Obviously, you need to take care of a few security problems, like making
sure they don't do something like
http://www.example.com/path/download.php?filename=/etc/passwd
And you'd have to make sure the file exists and such before sending it out.
And determine the MIME type of the file. (I usually do this by extension.)
But overall, it would work. I have a similar script, minus the
authentication feature.
J
John Coggeshall wrote:
>
> Hey all..
>
> I've got a question -- I'd like to restrict access to entire directories
> based on if the user has been authenticated or not. Basically, I'd like
> to set up a auto-include *FROM APACHE* to run a PHP script prior to
> sending any documents what-so-ever and only send the requested document
> if the PHP script allows it. So..
>
> Request Made -> PHP Script Runs -> PHP Checks Authentication -> PHP says
> OK -> Apache sends file normally
>
> Or..
>
> Request Made -> PHP Script Runs -> PHP Checks Authentication -> PHP says
> NO -> Apache stops dead in it's tracks or displays a HTTP error
>
> Is this possible? It has to work for any document or MIME type and be
> restrictable by directory... (i.e. I just want this happening in a
> /secure/ directory)
>
> John
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
