Truely secure

[denoteone]

I am not using a database as of now but I  am using a simple Javascript and PHP Sessions scripts to create a  semi-secure site for document downloads.

 

the thing is if you remember the download URL you can type that in at anytime and the file will start downloading to the users machine....is there anyway with to prevent this from happening..so the user has to be login in to download files?

 

 

 

[me1000]

<?php
session_start();
if (!isset($_SESSION['loggedin'])){
die("you must be logged in");
}
?>

 

Then you have to create a session when the user logs in,

 

session_start(); //this line must be at the top of your page

$_SESSION['loggedin'] = 'yes'; //this line needs to be executed when the user logs in

It think this is what you want,

[ohdang888]

yes,

 

require them to login by using a variable stored during login.

 

 

[ohdang888]

for example

 

when they log in, i use this:

 

$_SESSION['id']=$id;

 

and the $id is their user id.

then to verify they have logged in, you can do this:

 

(this is if they are not logged in)

 

if(strlen($_SESSION['id']) == 0){

echo "<meta http-equiv='refresh' content='0;url=login.php'>";

die();

}