We have a login page for content which is not supposed to be accessible from
anyone other than members, but, if you know the physical file path of the documents
in question, you can still get to them such as:
I think the best solution was to create one page with link and then embed a script that will redirect to login.
like this <?php
header ('location: login.php');
You need to create a file-server script, and put the actual files outside of the docroot (or in a directory tree where you prohibit access via the web server settings). Then you put your access control within the file server script, so it won't serve anything up if access is not granted.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
If you're looking for some help with securing information in mobile development, I believe there are some solid resources here to assist you. I know I've had plenty of worries about securing user information especially in our new mobile era which is prone to information theft. http://www.verious.com/board/Giancar...y-and-privacy/
Your members have to get some secret information after logging in that distinguishes them from ordinary users of your website. Put your members-only stuff outside the web server tree and check if a user can present the secret information when he tries to access a members-only file name. Change the secret information with every login attempt.