Try creating a session varaible as you log in, and look for that session variable at the head of every secure page. No session variable, no entry. -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Tris Sent: 15 October 2007 10:01 To: thelist at jarmin.com; thelist at lists.evolt.org Subject: Re: [thelist] how to protect downloadable docs in members only area I used to keep the files outside of the www DIR... and then created a downlaod page, (with a login checker) and then used the header() function to asign the correct mime type and pass the file to the user... Does that makes sence? it worked great for me, and no one could guess the URL direct to the files, cuase there were none! let me know if you need more info.. Tris... On 15/10/2007, iris <thelist at jarmin.com> wrote: > good morning everyone > > i've got a website that has a password protected members' area (php > login system). physically the content is all located within a /members/ > folder. within this is a documents folder with word, powerpoint etc > docs which can be downloaded from within the members' area (i.e. only if > logged in). > > however, if someone knew the exact location of a document > (http://example.com/members/docs/example.doc) they could get to them > without being logged in. > > how do i protect these documents from unauthorised access? > > i tried the htaccess file approach, passing the login instructions in > the links, so that those logged in don't have to log in again. e.g. > <a href="http://username:firstname.lastname@example.org/members/docs/example.doc"> > but i discovered that IE doesn't play nice if the security setting are > set too high (middle being too high). since the users of this site are > mostly on university computers and might not have rights to change these > settings, i've decided that this is a bad method. > > has anybody got another solution for me? > > also, are the documents save from search engines? (i don't really trust > them to follow the instructions in robot.txt) > > thank you so very much > > iris > > -- > > * * Please support the community that supports you. * * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester > and archives of thelist go to: http://lists.evolt.org > Workers of the Web, evolt ! > -- Give a man a fish and he'll feed himself for a day. Give a man a religion and he'll starve to death praying for a fish. Anon `We are what we pretend to be, so we must be careful what we pretend to be.` Kurt Vonnegut `When a person can no longer laugh at himself, it is time for others to laugh at him.` Thomas Szasz -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !