On Wed, Jan 14, 2004 at 04:17:06PM -0500, Scott Taylor wrote: > > Is there no other way to protect your (non PHP) files than through > authentication? I've been trying to set up a system that will protect > files. Those trying to access the files would only be able to do so > after entering their email address. So I set up a form that submits the > email to my database. But then the problem is: how to access the files?
Put the files in a directory somewhere outside the DocumentRoot of the web site in which the PHP code lives. Have the PHP code do whatever "authentication" you want (even if it's just collecting an email address), and upon success, use file() or readfile() or include() or file_get_contents() or equivalent to pull the file contents from their location on the server. Alternately, if you aren't able to create directories or access files outside the DocumentRoot for your site, you can create an unbrowsable storage directory protected with a .htaccess file. If the filesystem permissions are correct, your PHP script will be able to read content from that directory, because PHP code isn't subject to .htaccess rules. -- Paul Chvostek <[EMAIL PROTECTED]> it.canada http://www.it.ca/ Free PHP web hosting! http://www.it.ca/web/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
