Posted by Ben on 10/20/76 11:30

Dan Trainor said the following on 10/27/2005 01:34 PM:
> Ben wrote:
>>Move the files outside the document root so that they aren't available
>>via a direct URL, then create a 'file access page' in php that will
>>check for the session variable and either send or not send the file
>>based on whether the user has access.
>>
>>- Ben
>>
>
>
> Ben -
>
> I knew this, but it was the "send or not send" thing that I was
> concerned about ;)

Sounds like you need to have a look here:
http://ca3.php.net/manual/en/ref.filesystem.php

and specifically here:
http://ca3.php.net/manual/en/function.fpassthru.php

and so you can set the proper headers:
http://ca3.php.net/manual/en/function.filetype.php

The on-line manual is your friend :-).

Also, you will want to be _very_ careful about ensuring that the file
you are sending is in fact the file you want to be sending (ie
/etc/passwd would be a no-no).

- Ben

[Back to original message]