[nycphp-talk] Single-Logon User Authentication, PHP and viewing non-ASCII

Phil Powell soazine at erols.com
Mon Aug 18 15:30:17 EDT 2003


I looked up fpassthru online and how to set the headers.  Your solution
sounds fine for hopefully viewing a single file, but how about producing a
list of files for display?

Thanx
Phil

----- Original Message ----- 
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 18, 2003 3:26 PM
Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and viewing
non-ASCII


> I use a function which invokes fpassthru
>
> first I check to make sure the user has the right privileges, if so,
> then pass the file thru...
>
> the link to the file might end up being something like
>
> fileGetter.php?filename=word.doc
>
> just remember to properly set the headers
>
>
>
>
>
> > This challenge is beyond me, as it seems to be the case.
> >
> > I am having to set up a user-authentication script that is basic
> logon/registration process.  mySQL db captures username, password, and
> other important fields such as their payment category and isAdmin (if
> they are an admin on the site).  Once stored they will be able to login
> once payment category is '4' (which means 'PAID').
> >
> > Upon being able to login, one of the features any user, admin or not,
> can do is to view restricted files in the /web/contents folder.  They
> can view the list or click onto a link and view the file itself
> (assuming it's a url-friendly file like .txt or .doc or .pdf or
> something).
> >
> > Here's where I am totally stuck.
> >
> > The /web/contents folder must be locked down so that the outside world
> cannot view it; only authenticated users must view it.  Problem is, by
> doing that I force a double-login since that would involve using
> .htaccess on the folder.  (Note, I was told mySQL has a means of
> interfacing with .htaccess, however, that too would fail because the
> requirements for login involve username, password, isAdmin and
> payment_category all being set to certain values).
> >
> > I thought of locking down the folder to 700 and each script uploaded
> to 600 (using TCL CGI instead of PHP to do the actual uploading),
> however, how would I be able to allow for users to VIEW non-ASCII files
> (like .doc or .pdf)?
> >
> > Has anyone faced anything like that, if so, please let me know.
> >
> > Thanx
> > Phil
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
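
An added example, not code posted by anyone in this thread: one way to write the fileGetter.php gate described above so that the same script both lists the files and streams one of them, with the filename parameter confined to /web/contents. The session keys user_id and payment_category and the extension-to-MIME map are assumptions; the folder and the '4' = PAID value come from the original question.

```php
<?php
// fileGetter.php: added example, not code from this thread. Assumes PHP 7.1+.
// Assumption: the login script stored user_id and payment_category in $_SESSION.
session_start();
const CONTENT_DIR = '/web/contents'; // folder from the thread; block direct web access to it

function is_paid_user(array $s): bool {
    // '4' means PAID in the thread's schema
    return isset($s['user_id']) && (string)($s['payment_category'] ?? '') === '4';
}

// Map a user-supplied name to a regular file directly inside CONTENT_DIR, else null.
function resolve_file(string $name): ?string {
    $base = realpath(CONTENT_DIR);
    if ($base === false) return null;
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd"
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || !is_file($path)) return null;
    // realpath() followed symlinks; the result must still live under CONTENT_DIR
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

if (!is_paid_user($_SESSION)) {
    http_response_code(403);
    exit('Not authorized');
}

$name = $_GET['filename'] ?? null;
if ($name === null) {
    // No filename: answer the follow-up question with a list of links
    header('Content-Type: text/html; charset=utf-8');
    foreach (scandir(CONTENT_DIR) ?: [] as $entry) {
        if (is_file(CONTENT_DIR . '/' . $entry)) {
            printf("<a href=\"fileGetter.php?filename=%s\">%s</a><br>\n",
                rawurlencode($entry), htmlspecialchars($entry, ENT_QUOTES));
        }
    }
    exit;
}

$path = is_string($name) ? resolve_file($name) : null;
if ($path === null) { http_response_code(404); exit('Not found'); }

$types = ['txt' => 'text/plain', 'pdf' => 'application/pdf', 'doc' => 'application/msword'];
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . ($types[$ext] ?? 'application/octet-stream'));
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
fpassthru(fopen($path, 'rb'));
```

Because every request passes through the session check, the folder itself needs no .htaccess password, which avoids the double login; it only has to be unreachable by direct URL.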



