In the downloads category I am using the file download URL to open a PHP page. I want to make sure that the security on the PHP page is not bypassed by typing in the URL directly. Is it possible for me to add a bit of code at the beginning of my PHP page that would authenticate that the user has proper read access for that category? Any tips/help is greatly appreciate as I'm a rookie PHP hacker.
Kent
Login
Donate to Zikula
Core Modules & Blocks
::
Need a hint on using PN Authentication in a php window.
-
-
- rank: Freshman
- registered: May 2002
- last visit: 28.10.02
- Posts: 2
-
Posted: 07.11.2002, 21:47
Any help would be appreciated.
Here is what I am trying to do -
In the downloads section I am using a download hyperlink to call a PHP page which then spawns a new window with the drawing in it and redirects back to the last page. My problem is that is someone e-mails that link a non-authorized user could also view the download. So...I would like to check and make sure the person clicking the link is logged in and has proper permission levels.
But obviously I have no idea what I'm doing!
Poking around I'm assuming I'll need a line in there something like:
if (!pnSecAuthAction(0, 'Downloads::Category', "$cattitle::$cid", ACCESS_READ)) {
echo _DOWNLOADSACCESSNOAUTH;
include 'footer.php';
return;
but have no idea what include files I would need to get this to work. Am I biting off more than I can chew here or is this relatively simple? Is there a different way I should go about this? Any help would be appreciated.?>[/php]
