> if (!session_is_registered("SESSION")){
> print ("You must Log-In to access this page\n");
> print ("<a href='sign_in.php'>");
> print ("Click here to Log In");
> }
print ("<a href='sign_in.php'>");
should be:
print("<a href='sign_in.php'>Sign-in</a>"); // or something like that
But anyways, I don't think that's quite what he wanted. I think the idea is
to protect the link to a file so only special users can see it. Sure this
code with protect the page from being viewed, but, download.php or whatever,
if it is protected it still points to a physical file. If a user for some
reason desires to leak the actual link then there could be a problem. This
is why he probably should change the physical file data.
----- Original Message -----
From: "Bret L Conard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 18, 2002 6:22 AM
Subject: Re: [PHP] How do I hide download link ...
> Start a session on the sign in page, and check for the session before
> displaying the page with the link. The it does not matter if the link page
> URL is distributed. In my situation;
> 1. Sign in page goes to a validation script.
> 2. Check for form fields. (1st of Nested loops)
> if (isset($formField)){//check for form.....
> 3. If form, validate user and start session
> $result = mysql_query("SELECT * FROM ok_users WHERE password =
> $password AND user_ID = $user_ID");
> if (mysql_num_rows($result) < 1){// No user so exit
> if (mysql_num_rows($result) > 1){// Too many users (bad data) so
> exit
> else{ //valid user
> session_start();
> // register the variables you need or want
> session_register("SESSION");.
> 4. redirect to page with download
> header ("Location: download.php");
> //// must be in the session start snippet or get too many headers errors
> /////
> }//end start session code
> }//end check for multiple match
> }//end check for form (and other actions)
> else{//if no form.....
> print ("You must login to access this page");
> }
> 5. On download page check for session.
> <?php
> session_start();
> // *********************************** session check*/
> if (!session_is_registered("SESSION")){
> print ("You must Log-In to access this page\n");
> print ("<a href='sign_in.php'>");
> print ("Click here to Log In");
> }
> else{
> ////////body of page
> }
>
> Now if you access the download page directly, you only get a link to sign
> in...........
>
> Does this help?
> Bret
>
>
> ----- Original Message -----
> From: "Fargo Lee" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, June 12, 2002 4:14 PM
> Subject: [PHP] How do I hide download link ...
>
>
> > Hi, my customers go through a password authentication to access a link
on
> my
> > site to download a file. I want to prevent the distribution of the
> location
> > of this file on my server by making it hidden. Is there any php
> function(s)
> > that could assist in doing this?
> >
> > All I can think of so far is storing the original file in a hard to
guess
> > directory, when a authenticated customer goes to download it, send them
to
> a
> > script that copys the original file to a temp directory, they download
the
> > file in the temp directory and then run a cron every so many minutes to
> > clear out the files in the temp directory.
> >
> > If anyone has any ideas, examples or a way to improve on what I came up
> with
> > please respond. Thanks!
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
