I have an Intranet on a Windows/IIS server. I have created a folder which contains .php files that the normal user is not allowed to see (HR stuff). I can & have thought about writing a login page, but I'd rather not subject these users to that. Don't ask. Anyway, I can deny access to individual .html pages, but when I do the same with a .php page, it's as if they have full access. If they type in the URL in the address line, it opens.
Any ideas?
Thanks.
