[nycphp-talk] Single-Logon User Authentication, PHP and viewing non-ASCII
soazine at erols.com
Mon Aug 18 15:30:17 EDT 2003
I looked up fpassthru online and how to set the headers. Your solution
sounds fine for hopefully viewing a single file, but how about producing a
list of files for display?
----- Original Message -----
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 3:26 PM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and viewing
> I use a function which invokes fpassthru
> first I check to make sure the user has the right priviledges, if so,
> then pass the file thru...
> the link to the file might end up being something like
> just remember to properly set the headers
> > This is a multi-part message in MIME format.
> > This challenge is beyond me, as it seems to be the case.
> > I am having to set up a user-authentication script that is basic
> logon/registration process. mySQL db captures username, password, and
> other important fields such as their payment category and isAdmin (if
> they are an admin on the site). Once stored they will be able to login
> once payment category is '4' (which means 'PAID').
> > Upon being able to login, one of the features any user, admin or not,
> can do is to view restricted files in the /web/contents folder. They
> can view the list or click onto a link and view the file itself
> (assuming it's a url-friendly file like .txt or .doc or .pdf or
> > Here's where I am totally stuck.
> > The /web/contents folder must be locked down so that the outside world
> cannot view it; only authenticated users must view it. Problem is, by
> doing that I force a double-login since that would involve using
> .htaccess on the folder. (Note, I was told mySQL has a means of
> interfacing with .htacesss, however, that too would fail because the
> requirements for login involve username, password, isAdmin and
> payment_category all being set to certain values).
> > I thought of locking down the folder to 700 and each script uploaded
> to 600 (using TCL CGI instead of PHP to do the actual uploading),
> however, how would I be able to allow for users to VIEW non-ASCII files
> (like .doc or .pdf)?
> > Has anyone faced anything like that, if so, please let me know.
> > Thanx
> > Phil
> talk mailing list
> talk at lists.nyphp.org
More information about the talk