Jump to content

Archived

This topic is now archived and is closed to further replies.

mattsutton

Password Protection for specific pages and folders

Recommended Posts

hi, I am building a site where the admin user can create new users in the database.
When the admin user creates a user, the details are sent to the database, a new folder is created on the server with that user name *mkdir(.../.../.../$username) etc,
an email is sent to the user containing a link to that folder, which contains an index page which shows the contents of that folder.
BUT, can someone help me on how i password protect (automatically) that folder so that only the username and password for that folder can see the index page....

Thanks,

Matt.

Share this post


Link to post
Share on other sites
That depends.

When you say you show an index page, do you mean you've created an index page which shows the contents of the folder or do you mean the index page created by the server when there's no custom indexpage (like index.php or index.html)?

In the last case you could setup .htacces, howerver this would be a readonly solution. In the first case just use the login system you've already got in place.

This is an odd question... [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]

Share this post


Link to post
Share on other sites
Hi, Thanks for your reply.

Basically the index page is a php page called index, which has a php script inside it which displays the contents of any folder that the page is placed in. (e.g. list of word documents in that folder, pdf's etc)

Let me explain what im doing.

Im building a site for a company that examine and certify lifting equipment. The guy wants to upload certificates in word format via ftp to his customers individual folders, so they can download them to save paper and postage.

heres how it should work.

user is created --> username, company name, password etc stored in database --> email containing link to the folder that has just been created and login details are emailed to customer --> customer clicks link --> ENTERS USERNAME AND PASSWORD --> index page displayed. (list of word documents is displayed which they can download)

basically what i need is:
for each new folder to only be accessable using the username and password supplied for that specific folder.

Everything else is done, its just password protecting folders that have been created when a new user is added
that is giving me a headache.

Sorry, i expect thats just as confusing as the first post!

Share this post


Link to post
Share on other sites
[!--quoteo(post=376270:date=May 23 2006, 04:55 AM:name=redspider)--][div class=\'quotetop\']QUOTE(redspider @ May 23 2006, 04:55 AM) [snapback]376270[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Sorry, i expect thats just as confusing as the first post!
[/quote]

Not really, I think I understand what you're getting at. You can limit permissions to the files to local scripts, no biggie. But how to pass it from the script to the user...

Here's a thought:
Direct the hyperlinks to a script that outputs the content of a file. You may have to set the content-type of the output to make the browser believe it's acessing a word document.

How exactly to do this? I don't know (yet). Is it possible? I think so.

Share this post


Link to post
Share on other sites
This might just work:

in [b]index.php:[/b]
[code]echo '<a href="loadfile.php?filepath='.$file.'>'.$filename.'</a>';[/code]

[b]loadfile.php[/b]
[code]<?php
header("Content-type: application/msword");
$file = file($_GET['filepath']);
foreach($file as $fileline)
{
    echo $fileline;
}
?>[/code]

Share this post


Link to post
Share on other sites
Please let me know how this worked out.

Share this post


Link to post
Share on other sites
Correction:

[b]loadfile.php[/b]
[code]<?php
if($_SESSION['user'] == $appropiateUser)
{
    header("Content-type: application/msword");
    header('Content-Disposition: attachment; filename="'.$_GET['file'].'"');
    readfile($_GET['file']);
}
?>[/code]
Disallow external access to the docs by placing them in a subdir and putting in that dir a htacces file containing "Deny from all"...

Now one can only access the file if logged in. Anyone else would just see a blank page.

Just to be sure, set file permissions on the docs to "user" (I guess that only makes sense if you're using cpanel or something similar).

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.