On Wednesday 06 April 2005 16:23, Charles Hamel typed: > Hi > > I am bulding a secure intranet.(php, mysql, apache) > I am using a session and Mysql to handel the user accounts. Everythying > works fine with that. > > The client now needs to share word/pdf document with the registered user. I > created a secure directory using .htaccess for this purpose and it works as > well .... the user are promt to enter a username password. > I was expecting this to work ... > http://username:password@xxxxxxxxxxxxxx/safeDir/Word.doc but it isn't. IE dropped support (or severely neutered it) for username:password in URLs a while back. One way to handle this is to write a wrapper script that accepts the file name as a parameter. The script verifies that the user is allowed to access the file, and sends back the file with appropriate content type etc. Files can then be stored outside of the document root, preventing access even if you guess the file name. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
