Dan Trainor said the following on 10/27/2005 01:34 PM:
Ben wrote:
Move the files outside the document root so that they aren't available
via a direct URL, then create a 'file access page' in php that will
check for the session variable and either send or not send the file
based on whether the user has access.
- Ben
Ben -
I knew this, but it was the "send or not send" thing that I was
concerned about ;)
Sounds like you need to have a look here:
http://ca3.php.net/manual/en/ref.filesystem.php
and specifically here:
http://ca3.php.net/manual/en/function.fpassthru.php
and so you can set the proper headers:
http://ca3.php.net/manual/en/function.filetype.php
The on-line manual is your friend :-).
Also, you will want to be _very_ careful about ensuring that the file
you are sending is in fact the file you want to be sending (ie
/etc/passwd would be a no-no).
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
