Header information for Authentication

Anon

Hello,

I don't know how to redirect a user in a folder on my server which requires an authentication WITHOUT asking him the user_id and the password.
My aim is to place in this secured folder somes files that a user cound download only and only if he has succeeded in a quizz.
I don't want that a user can access in this folder by http !
thank you very much and sorry for my bad english !

Anon

what exactly do you want to do? Making a quiz, like question1.php, question2.php questionxx.php etc... and a s cript in final.php that sends the user to some folder that needs authorisation?

You can give some variables with the script.

Like:

if($rightanswers>10)
{

$username="authorisedname"; //fill in a name
$password="authorisedpass"; //fill in a pass

header("location:someotherpage.php?user=$username&pass=$password");

} else {

header("location:someotherpage.php");

}

And then you need authorisation for that folder using those variables.

This isn't very secure actually. Be more specific please

Anon

you could better make some form with a submitbutton and hiddenfields.

robertjackson

Along this same line, you could set up a session and register $username and $password (or the responses to the questions in your quiz). This would prevent them from being passed in the URL as Ronald shows in his first header redirection. The target page for this redirection could then check the session variables. That would make it a little more secure.

Rob

robertjackson

To 'secure' your folder, you could make the folder name something obsure like
domain.com/download/43F6AB009E/25DC58E89A/
such that it can't reasonably be guessed.

The file to which you redirect to upon successfully going through the quiz would have links to files in this obsurely named directory.

The only other way I know to protect a complete directory is with a .htaccess file. But I don't think PHP can set those variables ($PHP_AUTH_USER and $PHP_AUTH_PW) but then I haven't tried. Looking at http://www.zend.com/zend/tut/authentication.php might help.

Rob

Anon

Thank you for all your responses.
I have tried them but my problem is with the user who can read the sources html and discover the link (a href='..set by php ...' ) to my folder and the file (a diploma image like.. and the winner is ..).
I don't want that this user gives this link to another user in order to allow him to download the file without succeeding in the quiz.
But, I have tried this :
secure a folder 1 with .htacces.
create a folder 2 with the right "write".
All the diploma images are in the folder 1.
When a user wins, with php, I copy the right diploma (diploma1.jpg) into the folder 2 with a random name '15edfrdip.jpg' and put the link '.../folder2/15edfrdip.jpg' in the href section in the final.php page. The user can donwload it up to one week, after that, the file is deleted.
The risk is that a user gives the link '.../folder2/15edfrdip.jpg' but, it will be available only one week...
Flo