SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast the dooode's Avatar
    Join Date
    Jun 2004
    Location
    UK
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Direct access to secure files

    I have a secure area that users have to login into to access. The login mechanism is via a web form and storing state in a PHP session. This is all great but it seems a document posted on a page in the secure area can still be accessed directly (if you know the URL).

    The only thing i can think of to stop this is using an apache module like mod_auth_mysql on the document folder BUT this means the user logging in twice.

    Has anyone got any other ways around this problem?

  2. #2
    SitePoint Guru Ruben K.'s Avatar
    Join Date
    Jun 2005
    Location
    Alkmaar, The Netherlands
    Posts
    693
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could serve the content through PHP

    Code:
    session_start();
    if( isset( $_SESSION['username'] ) )
    {
        header( "Content-type: text/plain" );
        echo file_get_contents( 'http://yoursite.com/actual_location/mytext.txt' );
    }
    So that it would only serve the document if the user is actually logged in when visiting yoursite.com/document.php?id=1 for example, and display an error message if he isn't

  3. #3
    SitePoint Enthusiast the dooode's Avatar
    Join Date
    Jun 2004
    Location
    UK
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Now that is a good idea Thanks Ruben.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •