> if (!session_is_registered("SESSION")){ > print ("You must Log-In to access this page\n"); > print ("<a href='sign_in.php'>"); > print ("Click here to Log In"); > }
print ("<a href='sign_in.php'>"); should be: print("<a href='sign_in.php'>Sign-in</a>"); // or something like that But anyways, I don't think that's quite what he wanted. I think the idea is to protect the link to a file so only special users can see it. Sure this code with protect the page from being viewed, but, download.php or whatever, if it is protected it still points to a physical file. If a user for some reason desires to leak the actual link then there could be a problem. This is why he probably should change the physical file data. ----- Original Message ----- From: "Bret L Conard" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 18, 2002 6:22 AM Subject: Re: [PHP] How do I hide download link ... > Start a session on the sign in page, and check for the session before > displaying the page with the link. The it does not matter if the link page > URL is distributed. In my situation; > 1. Sign in page goes to a validation script. > 2. Check for form fields. (1st of Nested loops) > if (isset($formField)){//check for form..... > 3. If form, validate user and start session > $result = mysql_query("SELECT * FROM ok_users WHERE password = > $password AND user_ID = $user_ID"); > if (mysql_num_rows($result) < 1){// No user so exit > if (mysql_num_rows($result) > 1){// Too many users (bad data) so > exit > else{ //valid user > session_start(); > // register the variables you need or want > session_register("SESSION");. > 4. redirect to page with download > header ("Location: download.php"); > //// must be in the session start snippet or get too many headers errors > ///// > }//end start session code > }//end check for multiple match > }//end check for form (and other actions) > else{//if no form..... > print ("You must login to access this page"); > } > 5. On download page check for session. > <?php > session_start(); > // *********************************** session check*/ > if (!session_is_registered("SESSION")){ > print ("You must Log-In to access this page\n"); > print ("<a href='sign_in.php'>"); > print ("Click here to Log In"); > } > else{ > ////////body of page > } > > Now if you access the download page directly, you only get a link to sign > in........... > > Does this help? > Bret > > > ----- Original Message ----- > From: "Fargo Lee" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, June 12, 2002 4:14 PM > Subject: [PHP] How do I hide download link ... > > > > Hi, my customers go through a password authentication to access a link on > my > > site to download a file. I want to prevent the distribution of the > location > > of this file on my server by making it hidden. Is there any php > function(s) > > that could assist in doing this? > > > > All I can think of so far is storing the original file in a hard to guess > > directory, when a authenticated customer goes to download it, send them to > a > > script that copys the original file to a temp directory, they download the > > file in the temp directory and then run a cron every so many minutes to > > clear out the files in the temp directory. > > > > If anyone has any ideas, examples or a way to improve on what I came up > with > > please respond. Thanks! > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php