[nycphp-talk] serving a download only to authenticated users
Justin Dearing
zippy1981 at gmail.com
Tue Oct 28 22:49:47 EDT 2008
Yeah don't keep the powerpoint in the htdocs directory. Your
methodology is sound. Of course, if this is the only thing password
protected, just protect that directory with a htpasswd and htaccess
file.
On Tue, Oct 28, 2008 at 10:40 PM, David Mintz <david at davidmintz.org> wrote:
>
> You folks have done this a thousand times so it's cake to you. This is the
> first time I have had to make a Powerpoint download available only to
> authenticated users. Tell me if it's this simple:
>
> <?php
> /* download.php pr something like that */
>
> // authentication logic. Then, if they're logged in...
>
> header('Content-disposition: attachment; filename=whatever.ppt');
> header('Content-type: application/vnd.ms-powerpoint');
> readfile('whatever.ppt');
>
> And yes, I think I will put an apache directive in there to deny direct
> browser access so they can't defeat it by accessing
> http://example.org/password-protected-area/whatever.ppt. Or maybe put it
> somewhere outside the public html.
>
> Is that it, or am I missing anything?
>
> --
> David Mintz
> http://davidmintz.org/
>
> The subtle source is clear and bright
> The tributary streams flow through the darkness
>
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
More information about the talk
mailing list