php script w/ .htaccess question

[admoore]

I have a site where I use sessions under php to authenticate a user and direct him to an appropriate subdirectory location; however I don't want the directories which reside within the public_html folder accessable beyond the authenticated session clients.

For Example:

authenticated clients need access to:

/public_html/reports/ab009/*.pdf

while preventing non session clients from viewing contents of /public_html/reports/ or subdirectories...

TIA for help!

-Allen

 

[sleipnir214]

I don't know if there is a way for a CGI to pass authentication credentials back to Apache, but I have one solution.

If you have your own authentication system set up with sessions, why not put PHP in the way to get to the files?

Put your files directory completely outside of your directory tree. Then write a PHP script that confirms the user's session credentials and sends the file programatically if they have access. Perfection in engineering does not happen when there is nothing more to add. Rather it happens when there is nothing more to take away.