Posted by JDS on 07/22/05 16:36

On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:

> If I write in the location bar the url of a video, I can download
> without problem because the application cannot test if the user is
> already authenticated or not. I´ve read something about RedirectMatch
> and it works well but now the users cannot see the videos.

Do one of the following:

1) Use Basic Auth in the .htaccess file
Example: http://httpd.apache.org/docs/1.3/howto/auth.html

2) Use Basic Auth within PHP
http://us2.php.net/features.http-auth

I recommend number (1). Of course, the trouble with that is that it is
outside any application logic.

You could try putting any .avi (or other protected files) outside the http
virtual directory path and then create a PHP shell app that just gets and
downloads the file for you. (I know you said you are trying something
like this). To do this you will need to use

header("Content-type: blah/blah");

where blah/blah is the correct content type

The important thing here is to put the .avi files (any protected files)
OUTSIDE the http virtual directory path! So that one cannot just type in
a URL and get the file.


--
JDS | jeffrey@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

[Back to original message]