At 4:13 PM +0200 8/27/08, Angelo Zanetti wrote:
Hi all,
We have a site and we have created an admin section where the admin can
upload documents.
We have made a user login section where they can view a list of the
documents (from the DB) and download the file.
We want to make the site however not allow ppl to type in the path of the
document and retrieve the file. How is this accomplished?
Are the documents stored in a hidden / non-web accessible directory?
Or is this restricted with APACHE?
Please advise
Well...none of the above.
I would have a php script deliver the files and not allow the user to
see the path.
Here's an example:
http://php1.net/b/file-browser/index.php
It would be a simple matter not to show the path but rather just show
what's available to the user and then let the php script deliver the
product to the user via a common url, like the demo does.
In other words, the most that any user can get is the path to one
spot where your script deposits the file for download.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
