Join Up! 104884 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Open Source Databases: As the Tables Turn GIS Mapping with PHP PHP Web Blog - Part 3 PHP Code Snippet, Script, and Function Library Using Ajax with PHP to Create an Interactive Web Page

php-db | 2001041

From: bryan (bryan <email protected>)
Date: 04/10/01

• Next message: Ron Brogden: "Re: [PHP-DB] images"
• Previous message: Mark Roedel: "RE: [PHP-DB] A Real PHP problem for a change..."
• In reply to: John Huggins: "RE: [PHP-DB] images"
• Next in thread: Ron Brogden: "Re: [PHP-DB] images"
• Reply: Ron Brogden: "Re: [PHP-DB] images"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Maybe there is a way to use .htaccess more appropriately,
but, this site allows guest / non-members, to buy something.
Once they buy something, they are given a username of
email, and password (they choose). If they log back in, they
should have access to ONLY the files they purchased. So,
I purchase 2001/jan/picc_set1/pic1.zip, then I have access
to all the file in 2001/jan/pic_set1/images/pic1.jpg, ""...pic2.jpg,
etc. The only problem is, if I can get to that image, what would
stop me from doing 2001/jan/pic_set2/images/pic1.jpg, etc...?

I have only used .htaccess one way, and that is to password protect
a directory. Maybe thats the only way to do this....
If I have 43 images in 1 directory, .htaccess wouldn't stop me from
typing in the direct path, would it?

Thanks for your help and any more help with this issue
would be greatly appreciated.

bryan

----- Original Message -----
From: "John Huggins" <huggins <email protected>>
To: "bryan" <bryan <email protected>>; "db" <php-db <email protected>>
Sent: Tuesday, April 10, 2001 10:31 AM
Subject: RE: [PHP-DB] images

> .htaccess
>
> > -----Original Message-----
> > From: bryan [mailto:bryan <email protected>]
> > Sent: Tuesday, April 10, 2001 2:47 PM
> > To: db
> > Subject: [PHP-DB] images
> >
> >
> > Question:
> >
> > Having problems with a site I am doing.
> > How can I stop a user from gaining access to images in
> > a certain directory. I have directory browsing turned
> > off, but in the instance someone buys something, if
> > the path to the image is 2001/apr/a1/image1.jpg, what
> > would stop someone from typing 2001/apr/a1/image2.jpg
> > or 2001/apr/a2/image1.jpg, and gaining access to all the
> > files?
> >
> > If anyone has any guidance on this, I would appreciate
> > it!
> >
> > Thanks
> > bryan
> >
> >
> > [ bryan fitch . programmer . bryan <email protected> ]
> >
> >
> >
> >
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-db-unsubscribe <email protected>
> For additional commands, e-mail: php-db-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-db-unsubscribe <email protected>
For additional commands, e-mail: php-db-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Ron Brogden: "Re: [PHP-DB] images"
• Previous message: Mark Roedel: "RE: [PHP-DB] A Real PHP problem for a change..."
• In reply to: John Huggins: "RE: [PHP-DB] images"
• Next in thread: Ron Brogden: "Re: [PHP-DB] images"
• Reply: Ron Brogden: "Re: [PHP-DB] images"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs