Posted by Jerry Stuckle on 07/23/05 17:07

chotiwallah wrote:
>
> JDS wrote:
>
>>On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:
>>
>>
>>>If I write in the location bar the url of a video, I can download
>>>without problem because the application cannot test if the user is
>>>already authenticated or not. I´ve read something about RedirectMatch
>>>and it works well but now the users cannot see the videos.
>>
>>Do one of the following:
>>
>>1) Use Basic Auth in the .htaccess file
>>Example: http://httpd.apache.org/docs/1.3/howto/auth.html
>>
>>2) Use Basic Auth within PHP
>>http://us2.php.net/features.http-auth
>>
>>I recommend number (1). Of course, the trouble with that is that it is
>>outside any application logic.
>>
>>You could try putting any .avi (or other protected files) outside the http
>>virtual directory path and then create a PHP shell app that just gets and
>>downloads the file for you. (I know you said you are trying something
>>like this). To do this you will need to use
>>
>>header("Content-type: blah/blah");
>>
>>where blah/blah is the correct content type
>>
>>The important thing here is to put the .avi files (any protected files)
>>OUTSIDE the http virtual directory path! So that one cannot just type in
>>a URL and get the file.
>>
>>
>>--
>> JDS | jeffrey@example.invalid
>> | http://www.newtnotes.com
>> DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/
>
>
>
> put a .htaccess in your video dir containing the line:
>
> deny from all
>
> this will prevent any browser access in that dir
>
> now deliver the videos to your users with a php script that
>
> 1. checks the credentials and
> 2. if ok, delivers the video via the servers filesystem, using i.e.
> readfile (which is not affected by .htaccess)
>
> micha
>

Or, better yet, put them below the document_root. That way you're not depending
on the .htaccess.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]