Reply to Using PHP for accsess control, preventing access to static files

Your name:

Reply:


Posted by Dan Trainor on 10/20/53 11:30

Hello, all -

I'm designing a controlled access system in PHP, and it's coming along
quite well. It's very simple, and just sets a session varibale, such as
$_SESSION['authenticated'] = 1, not a whole lot.

Now I run a small sniplet of code on the top of each HTML and PHP file,
which checks for this variable, and either allows or denys access to the
page.

However, how do people protect against the downloading of real files,
ones which are not parsed by PHP? .WMV, .MOV, .ZIP, .EXE and so on? I
want to protect access to these as well, and if a visitor just types in
a URL and is able to access the file because my access control mechanism
simply doesn't work on those types of files, what should be the solution
here?

It's been suggested to use readfile() to accomplish this, by forwarding
content from outside of the document root - but this just sounds odd.
On top of being (what I think would be) incredibly slow, it just doesn't
sound "right".

Thanks!
-dant

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация