I have a client site which utilizes page-based authentication to control access to certain areas of the site. Once a user has successfully logged in, a session variable is instantiated, like so:
    if ($valid_user)
    {
        $_SESSION['adminauth'] = 1;
        $_SESSION['userlevel'] = "admin";
        $_SESSION['logname'] = $_POST['adminname'];
        // setcookie("username", $_POST['username'], time()+(84600*30));
        // echo "Access granted!";
        // ob_end_flush();
    }
The client is now adding some PDF documents to the secure areas of the site. I'm curious if there's a way to leverage my existing authentication system to secure the directory holding the documents to prevent direct URL access. I know I can control access to the PHP page which will list links to the documents, but someone could feasibly go to
http://www.mysite.com/path/to/documents/document.pdf and access the files without authentication.
So, I wonder if I can leverage .htaccess and the session variable to control access to that directory.
Any help is greatly appreciated.
Max
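Apache does not evaluate PHP session data when it serves a static file, so one way to reuse the session check from the post is to keep the PDFs where no URL reaches them and stream them through a PHP script that tests `$_SESSION['adminauth']` first. The following is an added example, not part of the original post; the script name `download.php`, the `DOC_DIR` path and the `file` query parameter are assumptions.

```php
<?php
// download.php (hypothetical name): serve a PDF only to a logged-in session.
// DOC_DIR is an assumed path outside the web root, so no direct URL maps to it.
// If the folder must stay under the web root, an .htaccess file in it containing
// "Require all denied" (Apache 2.4) blocks direct requests instead.
const DOC_DIR = '/var/www/private/documents';

// Return the real path of a requested PDF inside $baseDir, or null if not allowed.
function resolve_document(string $baseDir, string $requested): ?string
{
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($requested);
    if (!preg_match('/\A[A-Za-z0-9._-]+\.pdf\z/i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks; the result must still sit inside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();

// Same flag the login code sets; a missing or different value means not logged in.
if (($_SESSION['adminauth'] ?? 0) !== 1) {
    http_response_code(403);
    exit('Access denied');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_document(DOC_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/pdf');
header("Content-Disposition: inline; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

The page that lists the documents would then link to `download.php?file=document.pdf` rather than to the file itself.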