I haven't been able to find much on this subject in the archives. Using sessions I have been able to have the server validate the user's access level before serving him a page. I put include files on each page that I want authenticated. This is all well and good, except on my pages there are links to non-html, and non-php files that are stored in document directories on the server.
How, on a file-by-file basis, do I ensure that the user is authorized to download these files? If he gets to them through the link I provide, this is acceptable because he is already authorized to view the page that the link is on. However, if he somehow knows the full path to the file, he can get to it directly, bypassing the link and overriding the authentication system. Thanks for any help on this question. Roger Lewis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php