Ok, this is the situation: I have an extranet server, we have personalized pages for 30+ users from five states. They have to log in(no one else can veiw their page) and they have specific files that they can download when the become available(at least 30 large data files per year). Nobody else should be able to download the files either.

The question is: Can I do this with PHP. I've got a database but together with userids and password, I'll use that to log them in and get them to their personal page(and hopefully dynamically create the pages). The question is: What about the data files? I don't want them to have to log in a second time to get those, but how do I keep them from being downloaded by anyone? Can PHP do this somehow?

yes

Originally posted by tminos:
yes

Yes to which one? That I should have my head examined or PHP can do that?

:D BOTH :D

Ok, thanks! Can I ask two more questions?

1. Can someone point me in the right direction as far as using PHP to keep people from downloading files they shouldn't?
2. Can you recommend a good therapist?

Thanks! :)

how bout this:

<?php
if($access != "whatever")
{
header("location: ../index.php");
}
?>


This assumes that you set $access from the database, and whatever would be what distinguishes your client pages. Does this help?

jcrowe

<?php
if($access != "whatever")
{
header("location: ../index.php");
}
?>


This assumes that you set $access from the database, and whatever would be what distinguishes your client pages. Does this help?

jcrowe[/b]<HR></BLOCKQUOTE>

Ok, correct me if I'm wrong, but this would be placed in each page, to keep people out? Ok, that'll work for the html pages, but it won't stop them from downloading files that they are not meant to download.
The only way I can think of to keep people from downloading files they aren't supposed to is to either password protect those directories(so they'll have to log in twice), or hope that if a person doesn't have a link to the downloads they can't find them? Doesn't sound very secure.

[ 23 March 2001: Message edited by: The most annoying girl at LNO!! :p ]

Or maybe I should ask is there a way to pass password between PHP and .htaccess? or visa versa?

Yes, you can use PHP to modify the Apache AUTH variables (sending and receiving information from them and such).

To allow people to only download files specific to themselves, you might want to take a look at some of the download manager scripts on php.hotscripts.com.

You can do anything you want with PHP, you just need to find the right command.

Here is a link that may help you out. I think you could have them log in then just assign the $PHP_AUTH_USER & $PHP_AUTH_PASS variable the login value when they login the first time. anywho, heres the url php manual - php_auth (http://www.php.net/manual/en/features.http-auth.php)

Also, you might concider puting the downloadable files into MySQL as Blob items that way you could only show the files that belong to a certian user.

jcrowe

Yes you could do this with php. Do somereading search out "authentication with php".

I would probably just write a perl script to check the $REMOTE_USER and direct them to there home directory depending on there identity within $remote_user. Use perl or php to read in the .user file that looks like:

username:/path/to/homedir/
username2:/path/to/homedir2/

in these home dirs you have a .htaccess file to protect that directory from all other users.
something like:

while(<USERFILE> )
{
if(/^$remote_user/)
{
($junk,$dir) = split(/:/, $_);
print "location: $dir\n\n;";
}
}
close USERFILE;

hope this snippet gives you ideas let me know how you do it.

[ 24 March 2001: Message edited by: micxz ]

Thanks for all you help guys. Looks like I have some reading to do. At least now I have a direction to go! Thanks! :)