Jump to content

Password Protection for specific pages and folders


mattsutton

Recommended Posts

hi, I am building a site where the admin user can create new users in the database.
When the admin user creates a user, the details are sent to the database, a new folder is created on the server with that user name *mkdir(.../.../.../$username) etc,
an email is sent to the user containing a link to that folder, which contains an index page which shows the contents of that folder.
BUT, can someone help me on how i password protect (automatically) that folder so that only the username and password for that folder can see the index page....

Thanks,

Matt.
Link to comment
Share on other sites

That depends.

When you say you show an index page, do you mean you've created an index page which shows the contents of the folder or do you mean the index page created by the server when there's no custom indexpage (like index.php or index.html)?

In the last case you could setup .htacces, howerver this would be a readonly solution. In the first case just use the login system you've already got in place.

This is an odd question... [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]
Link to comment
Share on other sites

Hi, Thanks for your reply.

Basically the index page is a php page called index, which has a php script inside it which displays the contents of any folder that the page is placed in. (e.g. list of word documents in that folder, pdf's etc)

Let me explain what im doing.

Im building a site for a company that examine and certify lifting equipment. The guy wants to upload certificates in word format via ftp to his customers individual folders, so they can download them to save paper and postage.

heres how it should work.

user is created --> username, company name, password etc stored in database --> email containing link to the folder that has just been created and login details are emailed to customer --> customer clicks link --> ENTERS USERNAME AND PASSWORD --> index page displayed. (list of word documents is displayed which they can download)

basically what i need is:
for each new folder to only be accessable using the username and password supplied for that specific folder.

Everything else is done, its just password protecting folders that have been created when a new user is added
that is giving me a headache.

Sorry, i expect thats just as confusing as the first post!
Link to comment
Share on other sites

[!--quoteo(post=376270:date=May 23 2006, 04:55 AM:name=redspider)--][div class=\'quotetop\']QUOTE(redspider @ May 23 2006, 04:55 AM) [snapback]376270[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Sorry, i expect thats just as confusing as the first post!
[/quote]

Not really, I think I understand what you're getting at. You can limit permissions to the files to local scripts, no biggie. But how to pass it from the script to the user...

Here's a thought:
Direct the hyperlinks to a script that outputs the content of a file. You may have to set the content-type of the output to make the browser believe it's acessing a word document.

How exactly to do this? I don't know (yet). Is it possible? I think so.
Link to comment
Share on other sites

This might just work:

in [b]index.php:[/b]
[code]echo '<a href="loadfile.php?filepath='.$file.'>'.$filename.'</a>';[/code]

[b]loadfile.php[/b]
[code]<?php
header("Content-type: application/msword");
$file = file($_GET['filepath']);
foreach($file as $fileline)
{
    echo $fileline;
}
?>[/code]
Link to comment
Share on other sites

Correction:

[b]loadfile.php[/b]
[code]<?php
if($_SESSION['user'] == $appropiateUser)
{
    header("Content-type: application/msword");
    header('Content-Disposition: attachment; filename="'.$_GET['file'].'"');
    readfile($_GET['file']);
}
?>[/code]
Disallow external access to the docs by placing them in a subdir and putting in that dir a htacces file containing "Deny from all"...

Now one can only access the file if logged in. Anyone else would just see a blank page.

Just to be sure, set file permissions on the docs to "user" (I guess that only makes sense if you're using cpanel or something similar).
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.