Re: Protecting individual files/dirs from access

On Fri, April 13, 2007 11:43 am, Skip Evans wrote:
> So the directory for the artist, which will be one
> level below the docroot, like

Don't do that.

You have to work WAY too hard to make sure you have a gate-keeper to
force people to pay.

Put the files outside the webtree, and have a PHP script that controls
access and is your gate-keeper.

It's kind of like the difference between holding a music festival in a
park with no fence, and holding a music festival in a convention
center.

In the first case (your mp3 in the web-tree == open park) you end up
having to build a fence, and there will always be somebody trying to
jump the fence, because it's just a temporary fence and obviously not
very secure.

In the second case (the mp3 outside the web-tree) there's a big brick
wall and a tiny number of doors that need guarding, and it's much
easier to secure.

> I was wondering if it were possible to drop a
> .htaccess file into each artist's directory that
> would password protect it and then code the URLs
> in the PHP script that allows access to the files
> to access the files with a user name and password,
> but also hid this URL from display in the browser?

You could do all that, but...

> The files need to be under the document root to
> allow a link to download them, right?

No.

Have the link go to a PHP script, which authenticates the user (in
your case, makes *sure* they paid) and then that script does
http://php.net/readfile

The MP3 itself should live outside the web-tree in a "private" directory.

You'd still want to have the sub-directories under "private" organized
by artist and all that.

Your upload script would simply move files into this directory tree
instead of the web tree -- which is better anyway, as that means you
needn't have php-writable directories inside your web-tree, which is
also a Risk.

You *DO* have to have your download URL cleverly-crafted to make the
browser do the right thing, and you have to send the right headers for
the MP3 right before the readfile, but that's actually quite easy with
$_SERVER['PATHINFO'] and header() function.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
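
A gate-keeper script of the kind described in the reply above, as an added example that is not part of the original post. The `/var/www/private` location, the `user_has_paid()` helper and the `$_SESSION['purchased']` list are assumptions for illustration; the script reads the requested path from `$_SERVER['PATH_INFO']`, which is the key PHP populates, and refuses any path that resolves outside the private tree.

```php
<?php
// download.php -- added example. This script sits in the web tree; the MP3s do not.
// Assumed URL shape: /download.php/artist-name/track.mp3
declare(strict_types=1);

const PRIVATE_ROOT = '/var/www/private';   // assumption: a directory outside the docroot

// Hypothetical payment check: assumes the checkout code stored the purchased
// relative paths (e.g. "artist-name/track.mp3") in $_SESSION['purchased'].
function user_has_paid(string $relPath): bool
{
    return in_array($relPath, $_SESSION['purchased'] ?? [], true);
}

// Resolve the requested path to a real .mp3 under $root. Returns null when the
// path does not exist, escapes $root (../ sequences, symlinks) or is not an MP3.
function resolve_private_file(string $root, string $pathInfo): ?string
{
    $rootReal = realpath($root);
    $fileReal = realpath($root . '/' . ltrim($pathInfo, '/'));
    if ($rootReal === false || $fileReal === false
        || strncmp($fileReal, $rootReal . '/', strlen($rootReal) + 1) !== 0) {
        return null;
    }
    if (!is_file($fileReal) || strtolower(pathinfo($fileReal, PATHINFO_EXTENSION)) !== 'mp3') {
        return null;
    }
    return $fileReal;
}

session_start();
$file = resolve_private_file(PRIVATE_ROOT, $_SERVER['PATH_INFO'] ?? '');
if ($file === null) {
    http_response_code(404);               // unknown file or traversal attempt
    exit;
}
$rel = substr($file, strlen(realpath(PRIVATE_ROOT)) + 1);
if (!user_has_paid($rel)) {
    http_response_code(403);               // logged in or not, this track was not bought
    exit;
}

// Headers must go out before readfile() writes the body.
$name = str_replace(['"', "\r", "\n"], '', basename($file));
header('Content-Type: audio/mpeg');
header('Content-Length: ' . filesize($file));
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');
readfile($file);
```

Because the URL ends in the track's file name, the browser saves the download under a sensible name even if it ignores `Content-Disposition`.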

