This maybe a bit outside the scope of PHPRunner, but yet it is very much related.
1st some background, I am using IIS, MySQL 5 and PHPRunner 4.2
We have a few thousand pdf files on our web server for which I have created a phprunner project to access. In the MySQL DB I store the file name and a description of what it is. I then use SQL to create a hyperlink: concat('http://webserver/files/ap/';, filename, '.pdf') AS Link where "filename" is the database field.
This works very well, but has one major limitation, anyone who has access to my web server (which is internal only) can access any file in the "files" folder if they know the file name (or guess it). I know that I can change the Windows permissions on the folder so that the IUSR does not have access and my users would have to type a username and password to open the file. I would like to avoid making the users type another password (they already had to log into the php project).
Finally the question, If I would change the access to the "files" folder so that the IUSR does not have access, is there a why in PHPRunner to tell grant access to a logged in user?
For example, lets say I take access to the "files" folder away from the IUSR_ user and create a new user called FileUser. Is there a why in PHPRunner, so that if someone logged into the project and the clicked on the link, phprunner would pass the username and password to the file system and allow access without prompting the user for additional username and password.
Any ideas?
