Start a session on the sign in page, and check for the session before
displaying the page with the link. The it does not matter if the link page
URL is distributed. In my situation;
1. Sign in page goes to a validation script.
2. Check for form fields. (1st of Nested loops)
if (isset($formField)){//check for form.....
3. If form, validate user and start session
$result = mysql_query("SELECT * FROM ok_users WHERE password =
$password AND user_ID = $user_ID");
if (mysql_num_rows($result) < 1){// No user so exit
if (mysql_num_rows($result) > 1){// Too many users (bad data) so
exit
else{ //valid user
session_start();
// register the variables you need or want
session_register("SESSION");.
4. redirect to page with download
header ("Location: download.php");
//// must be in the session start snippet or get too many headers errors
/////
}//end start session code
}//end check for multiple match
}//end check for form (and other actions)
else{//if no form.....
print ("You must login to access this page");
}
5. On download page check for session.
<?php
session_start();
// *********************************** session check*/
if (!session_is_registered("SESSION")){
print ("You must Log-In to access this page\n");
print ("<a href='sign_in.php'>");
print ("Click here to Log In");
}
else{
////////body of page
}
Now if you access the download page directly, you only get a link to sign
in...........
Does this help?
Bret
----- Original Message -----
From: "Fargo Lee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 12, 2002 4:14 PM
Subject: [PHP] How do I hide download link ...
> Hi, my customers go through a password authentication to access a link on
my
> site to download a file. I want to prevent the distribution of the
location
> of this file on my server by making it hidden. Is there any php
function(s)
> that could assist in doing this?
>
> All I can think of so far is storing the original file in a hard to guess
> directory, when a authenticated customer goes to download it, send them to
a
> script that copys the original file to a temp directory, they download the
> file in the temp directory and then run a cron every so many minutes to
> clear out the files in the temp directory.
>
> If anyone has any ideas, examples or a way to improve on what I came up
with
> please respond. Thanks!
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
