i have a problem concerning a php script i worte some time ago.
It is a rather simple thing. On a Site you login via a html form which
points to a php that checks the username and password, and knowing this
it sends each user to his own http atuh protected directory.
i used http://user:p...@domain.com/user for each of them.
facts:
all of these directories are protected with basic auth of apache
there are pdf and other downloadable files there
and one php index page with links to the files.
problems:
ie6 sp2 does no longer support user:pass@ notation.
all other browsers do (as i know):
mozilla/firefox/epiphany/konqueror/opera/even lynx
nevertheless i'd like to support ie too
one solution is that i link to http://domain.com/user ans the browser
would ask for the username again, which is ugly
another solution is that i do not user http auth, protect the php vom
viewing, but everyone nowing a deeplink could download the files, which
i definitly don't want.
one more solution could be links to each users directory and only the
browser asks for user and pass, but no user should (in ideal case) know
that another user exists. i don't want a page (viewable for all) where
there are all users listed.
okay, ... deeplinks are also not what i wand. no user should have to
type deeplinks to his dir.
the problem is that ie does not only trow another login box, this would
be okay if other browsers work "normally". but ie gets an error
page.... syntax error. which i don't like to see.
so.: i hope the problem is clear.
i use header(Location : ???) for redirection.
i tried some hacks to include Auth credentials in the header, but had
no success.
any solution providing protection for my downloadable files, working in
all browsers would be a charm.
thanks in advance
thomas
It is a rather simple thing. On a Site you login via a html form which
points to a php that checks the username and password, and knowing this
it sends each user to his own http atuh protected directory.
i used http://user:p...@domain.com/user for each of them.
facts:
all of these directories are protected with basic auth of apache
there are pdf and other downloadable files there
and one php index page with links to the files.
problems:
ie6 sp2 does no longer support user:pass@ notation.
all other browsers do (as i know):
mozilla/firefox/epiphany/konqueror/opera/even lynx
nevertheless i'd like to support ie too
one solution is that i link to http://domain.com/user ans the browser
would ask for the username again, which is ugly
another solution is that i do not user http auth, protect the php vom
viewing, but everyone nowing a deeplink could download the files, which
i definitly don't want.
one more solution could be links to each users directory and only the
browser asks for user and pass, but no user should (in ideal case) know
that another user exists. i don't want a page (viewable for all) where
there are all users listed.
okay, ... deeplinks are also not what i wand. no user should have to
type deeplinks to his dir.
the problem is that ie does not only trow another login box, this would
be okay if other browsers work "normally". but ie gets an error
page.... syntax error. which i don't like to see.
so.: i hope the problem is clear.
i use header(Location : ???) for redirection.
i tried some hacks to include Auth credentials in the header, but had
no success.
any solution providing protection for my downloadable files, working in
all browsers would be a charm.
thanks in advance
thomas
Comment