I wish to authenticate client logons via sessions and display the contents of a specific directory to the user based on logon... So far, no problem... Script lists contents of appropriate directory and creates a link to access each file (.pdf reports)...
Here's my problem-
If I just use subdirectories within my public_html directory, a saavy user could access files via the path in the link anchor without authentication and perhaps guess their way into other users directories...
If I place the files somewhere other than public_html I can list the files; but, Apache won't/can't serve them upon demand.
Can I use PHP to pass authentication credentials to Apache so that once authenticated via sessions they could access a .htaccess protected directory?
If so, how?
TIA,
-ADM
Here's my problem-
If I just use subdirectories within my public_html directory, a saavy user could access files via the path in the link anchor without authentication and perhaps guess their way into other users directories...
If I place the files somewhere other than public_html I can list the files; but, Apache won't/can't serve them upon demand.
Can I use PHP to pass authentication credentials to Apache so that once authenticated via sessions they could access a .htaccess protected directory?
If so, how?
TIA,
-ADM