I am trying to get a script to work that will protect individual files,
not just a directory. The script I am using is this -
<?
if($auth == "yes")
{
$file = "downloads/2004_February_PB_File1.pdf";
$len = filesize($file);
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
header("Content-type: application/pdf");
header("Content-Length: $len");
header("Content-Disposition: inline;
filename=2004_February_PB_File1.pdf");
header("Content-Transfer-Encoding: binary\n");
readfile($file);
}
else
{
echo "Sorry, you must be logged in to access this page. <a
href='index.php'><<Back</a>";
// this is the end of the script, next lines added for testing purposes
only
echo "<br />File size: $len";
echo "<br />File name: $file<br />";
echo "File size using the filesize() function: " .
filesize("downloads/2004_February_PB_File1.pdf");
echo "<br />";
echo "File type using the filetype() function: " .
filetype("downloads/2004_February_PB_File1.pdf");
echo "<br />";
echo "File owner using the fileowner() function: " .
fileowner("downloads/2004_February_PB_File1.pdf");
}
?>
The test lines above do show the expected results. The two echo statements
that are supposed to show the variables $len and $file do not result in
anything. The problem seems to be with the first line auth == 'yes'. If I
change it to 'no' the script still gives the same results as when it is
'yes'.
Here's what it's supposed to do -
I have a directory of files that is protected by a .htaccess file. I have
a password file outside the web root called passwd. The same passwd file
is used for other directories for my use only and it works fine. The
script is supposed to see the .htaccess file and pass the visitor through
without them having to actually log in, and then the file will download
automatically.
My purpose -
is to prevent people from manipulating the url in the location bar and
download documents directory without loggin into the site. The .htaccess
works by itself, but I don't want to require the users to 'log in' a
second time to download a file. They have to log into the site, they
should be able to download the docs freely.
I hope this is clear (clear as mud probably). Anyway, I found this script
on http://www.wazzup.co.nz/tutorials/protect_pdf/index.php. I sent a
message to the author and haven't heard back yet, so thought I'd try here.
If anyone knows of a better/easier/alternative way to protect individual
files, give a logged in user free access to it, but protect it from
downloads from people not logged in, I'm certainly open to any and all
suggestion. The docs are price lists that we wouldn't want our competitors
to get ahold of.
Thanks for the help,
--
Chip Wiegand
Computer Services
Simrad, Inc
www.simradusa.com
[EMAIL PROTECTED]
"There is no reason anyone would want a computer in their home."
--Ken Olson, president, chairman and founder of Digital Equipment
Corporation, 1977
(Then why do I have 8? Somebody help me!)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
