Posted by Bob Smith on 12/23/05 02:06

On 12/22/2005 6:21 PM, Yannick Benoit wrote:
> H!
> I know I could use login and check http_referers.
> But when the person gets to download the file then he
> has the direct link to the file so later he doesnt have to
> login anymore. That is when I want to prevent.
> I dont want people to be able to downlaod the file directly
> without being authenticated.

Go through a login script the first time and set a cookie with authentication
info. The next time the login script is run, check for the cookie first, and,
if authenticated, skip the login.

This allows a user to save a link to a file (perhaps as
http://www.example.com/login.php?file=secret.txt) and load it anytime. She
needs to authenticate explicitly the first time only; thereafter the
authentication is done silently.

--
_________________________________________
Bob Smith -- bsmith@sudleydeplacespam.com
a.k.a. bsmith@dequalitasspam.com

To reply to me directly, delete "despam".

• Next in forum: Re: modrewrites (different rewrites but same destination - is this possible) ?
• Prev in forum: Re: Breaking backwards compatibility - good or bad?
• Thread view: Re: file protection

[Reply to this message]