Re: restricted access

---

• From: Good Man <heyho@xxxxxxxxxx>
• Date: Fri, 11 May 2007 15:31:41 -0500

---

"Zoe Brown" <zoenaomibrown@xxxxxxxxxxxxxxxxxxxxxx> wrote in
news:H831i.3223$o42.590@xxxxxxxxxxxxxxxxxxxx:

Thanks, I think I have decided to go down the .htaccess route. This
will mean that the user will have to enter a username and/or password
which will give them access to their link (they need to access the pdf
via the website) and then once they access the file they will be
prompted by the sever for username/password again. I think my client
will live with this.

Sure, they may live with it, but you must recognize its far from ideal.
A username+password system is good, but two systems? For retrieving one
file? It sounds to me like you are forcing your user to deal with this
problem instead of tackling it yourself on the programming side.

Storing the file above the www root and streaming it via PHP is the best
solution for what your client wants... when your system "gets" the PDF
via PHP upload, store it in a folder above 'www' and keep the info in a
database 'files' table (the file name, the real location on the server,
and a bunch of random characters to serve as a key instead of using an
auto-increment ID).

Then, you have a file called "streamFile.php".... your user clicks on
the link "streamFile.php?key=3197fhduabsd", and your script looks up the
file according to the key, then uses readfile(); or a custom function to
stream the file to the browser....

Or, you could go with .htaccess entirely. But using a combo of
..htaccess, sessions and databases to control user access is more often a
headache than not. And asking people to enter a username/password more
than once is incredibly annoying and bad user interface design.

Good luck!


.

---

• Follow-Ups:
  • Re: restricted access
    • From: Zoe Brown

• References:
  • restricted access
    • From: Zoe Brown
  • Re: restricted access
    • From: Tom
  • Re: restricted access
    • From: Zoe Brown

• Prev by Date: Re: restricted access
• Next by Date: Re: enable domxml in php4
• Previous by thread: Re: restricted access
• Next by thread: Re: restricted access
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Protecting unauthorized viewing of non-php files ... thoughts if you don't have access to dirs outside the doc root: ... put the pdf's in a database ... use .htaccess in your pdf dir to make any http ... (comp.lang.php) Re: Password problem ... Joe, I'm a little confused by your new description of what you are doing. ... Unsecured database #1 executes code which: ... permissions to perform that update. ... does it ask for a username/password? ... (microsoft.public.access.formscoding) Re: Unified Login with TSWEB ... connection without ever presenting the user with a USERNAME/PASSWORD ... The wrapper web page would query a database to ensure that ... (microsoft.public.windowsxp.security_admin) All databases including new ones require password! ... I have been practicing Access 2000 with the Northwind database and ... attempting to set security. ... not using it I came back to make a new database and found I could not open ... username/password say security is not set. ... (microsoft.public.access.security) Re: You do not have necessary permissions error... ... Crystal asking for a username/password. ... Joan Wild ... Microsoft Access MVP ... is the error i get when i try to access my database. ... (microsoft.public.access.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

coding.derkeiler.com  > Archive  > PHP  > alt.php  > 2007-05