Environment: Web site hosted on a Linux box. Using CPanel's File Manager to password-protect a folder for our Sales group.
Problem: One of our sales guys logged into the Sales area, opened a report, then clicked "send as e-mail" to a customer. The customer receives the e-mail, gets a popup asking for username and password (as it should be). She clicks "Cancel" then gets to see the report anyway (not good). She tries again and intentionally fails the log in - and gets to see the report anyway (even more not good). Then I get notified.
Question: Is there any way in PHP to keep a password-protected page from being accessed from an e-mail? Do I need to ignore the File Manager and build (or use) a PHP authentication class?
Honestly, I didn't realize this was a security risk until now and would like to plug it before someone decides to send something more dangerous than a price sheet.