Hi
Thanks everybody
I have another question:
I made upload and the dir of my upload is for example: www.yourwebsite/upload/file
is anybody know how can i protect that like above with username and pass (not .htaccess) some code from php. that means when the users put that link to the address bar if they do not have permision(username, Pass) they cannot go in there

thanks everybody
best regards
mani_he

Any help

thanks

You really need to use something like .htaccess to limit access to a directory, any reason you can't use .htaccess? What types of files are you trying to protect? Do they contain sensitive information? Are the files text-based?

Regards,
Rich

--
[http://www.smilingsouls.net]
[http://pear.php.net/Mail_IMAP] A PHP/C-Client/PEAR solution for webmail

Again thank rich for your answer. Right now I'm using localhost and I did not put my website up. I try to make every thing work. .htaccess: It does not work at all.
I create the .htaccess file and i put it in the dir (http://localhost/web/file/)
and it did not work, so i try to use mysql mod for that protection (as you know if i do not use mysql i have to create .htaccess and .htpassword, but if i use that one with mysql i do not have to create the .htpassword file) so any way i did that one also but still not working.
maybe my php or apache config for that is wrong, acctualy i did not do any thing on php and apache config.
i really try to make that work with mysql on windows xp.
about the file, yes those file are really important but they are not the credit card numbers or something similar (I know when ever i try to get info from credit i have to use SSL)

Thanks Rich
Best Regards

In order for .htaccess to work you must be using an Apache web server. Apache also has to be configured to allow .htaccess files to override directives.

http://httpd.apache.org/docs/configuring.html#htaccess

Otherwise, one possibility I'd suggest is that you store that information in a database instead of in the file system.

As text files you could also convert these files into PHP scripts, if they are plain text files. You can store information in variables (but don't output anything), then when someone tries to access the file directly all it does is output a blank page. Does that make sense? Of course for file formats that aren't plain text, you won't be able to take that approach.

Another possibility is storing the files in directories outside of www accessible directories, then you can call on PHP to output the file where you need a user to have access to it. Remember, PHP is a programming language, it is capable of accessing files, reading their contents and emulating them. If your files aren't plain text, this is probably the most secure approach.

If I had more information about the types of files you're trying to protect, I can provide you with some more specific examples.

HTH!

Regards,
Rich

--
[http://www.smilingsouls.net]
[http://pear.php.net/Mail_IMAP] A PHP/C-Client/PEAR solution for webmail

Thank Rich and thanks for session problem
see : http://p2p.wrox.com/topic.asp?TOPIC_ID=19055
and also about the second (As text files you could also convert these files into PHP scripts...) can you
please give a realy simple example (please)
thanks
best regards
mani_he

It depends on the text file as to whether that would be an effective solution. Before converting text files to PHP scripts you should consider storing that information in a DB instead, it's much more efficient and just as secure.

Otherwise you'd just store the information in variables, again not the best approach, but this would prevent access to the information.
See what's happening? There's nothing being output, so when the script is accessed directly it just prints a blank page. You can then include this script in another script and access the information already available in variables.


Regards,
Rich

--
[http://www.smilingsouls.net]
[http://pear.php.net/Mail_IMAP] A PHP/C-Client/PEAR solution for webmail