Hello, i saw that the end file always has the name test.zip ( http://php1.net/b/file-browser/index.php ) Are you zipping the file before outputing to the user ? In that case, you are accomplishing the desired goal of hidding the path, because the file changed but the path is always the same. Am i right ? On Wed, Aug 27, 2008 at 4:28 PM, tedd <tedd.sperling@xxxxxxxxx> wrote: > At 4:13 PM +0200 8/27/08, Angelo Zanetti wrote: > >> Hi all, >> >> We have a site and we have created an admin section where the admin can >> upload documents. >> >> We have made a user login section where they can view a list of the >> documents (from the DB) and download the file. >> >> We want to make the site however not allow ppl to type in the path of the >> document and retrieve the file. How is this accomplished? >> >> Are the documents stored in a hidden / non-web accessible directory? >> >> Or is this restricted with APACHE? >> >> Please advise >> > > > Well...none of the above. > > I would have a php script deliver the files and not allow the user to see > the path. > > Here's an example: > > http://php1.net/b/file-browser/index.php > > It would be a simple matter not to show the path but rather just show > what's available to the user and then let the php script deliver the product > to the user via a common url, like the demo does. > > In other words, the most that any user can get is the path to one spot > where your script deposits the file for download. > > Cheers, > > tedd > > -- > ------- > http://sperling.com http://ancientstones.com http://earthstones.com > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Com os melhores cumprimentos, Tiago Palhota
