Jump to content

Require login form


Janus13

Recommended Posts

I have a login form that redirects to a secure folder on successful login, but I was thinking tonight that someone could bypass it by going directly to the protected folder and logging in (I use both mysql db and .htaccess security) and I wonder if it is possible using mod_rewrite to redirect to the login page if the user isn't logged in, and allow the user through if they are using session variables. Can apache read php session variables? And can the mod_rewrite engine act upon them? I don't want to require the index page of the protected folder by a php page if possible.

Thanks again

Jon
Link to comment
Share on other sites

That defeats the purpose of my question. I know how to do that, but I want to know if it's possible to make .htaccess rules with mod_rewrite read php variables so force a login page to display if the user hasn't previously logged in. I don't want to have to require the directory have a php as the index page.
Link to comment
Share on other sites

[!--quoteo(post=386240:date=Jun 21 2006, 02:12 AM:name=Janus13)--][div class=\'quotetop\']QUOTE(Janus13 @ Jun 21 2006, 02:12 AM) [snapback]386240[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Thanks for the reply. What does the last rule translate to? And how does it keep up with the php variable showing it that it's logged on?
[/quote]
Handy for anyone updating a site from static htm (you could use .html, or .htm(.*), .htm?, etc) to dynamic php pages; requests to the old pages are automatically rewritten to our new urls. no one notices a thing, visitors and search engines can access your content either way. leave the rule in; as an added bonus, this enables us to easily split php code and its included html structures into two separate files, a nice idea; makes editing and updating a breeze. The [nc] part at the end means "No Case", or "case-insensitive", but we'll get to the switches later.

Folks can link to whatever.htm or whatever.php, but they always get whatever.php in their browser, and this works even if whatever.htm doesn't exist! but I'm straying..

As it stands, it's a bit tricky; folks will still have whatever.htm in their browser address bar, and will still keep bookmarking your old .htm URL's. Search engines, too, will keep on indexing your links as .htm, some have even argued that serving up the same content from two different places could have you penalized by the search engines. This may or not bother you, but if it does, mod_rewrite can do some more magic..


[!--sizeo:4--][span style=\"font-size:14pt;line-height:100%\"][!--/sizeo--]read the link ok good luck[!--sizec--][/span][!--/sizec--]
Link to comment
Share on other sites

Oh I see. I understand what you are saying, although it doesn't do exactly what I want. Perhaps there is more magic that mod_rewrite can do that may do what I want. Ultimately I want to have someone go to a page under a protected page, and if they have bypassed the login page have it prompt them to login at the login page. The catch is that not all pages are PHP, some are pure html, but are secured under a passwd/.htaccess protected folder that you can go directly to and bypass all webpages. Is there a way for .htaccess/mod_rewrite to redirect back to a specific page if that page has not authenticated the user?

For example. I have a folder protected with a .htaccess rule pointing to a passwd file somewhere outside the htdocs directory. I have a login.php that processes a DB login then passes to the .htaccess folder. Someone could circimvent the login page and try to directly login via the protected directory and use just the .htaccess authentication. I want to check to see if they have some sort of variable set (like a session variable) that says they are logged in correctly, if not then force them back to the login.php page.

Is that possible with mod_rewrite?
Link to comment
Share on other sites

[!--quoteo(post=386271:date=Jun 21 2006, 03:58 AM:name=Janus13)--][div class=\'quotetop\']QUOTE(Janus13 @ Jun 21 2006, 03:58 AM) [snapback]386271[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Oh I see. I understand what you are saying, although it doesn't do exactly what I want. Perhaps there is more magic that mod_rewrite can do that may do what I want. Ultimately I want to have someone go to a page under a protected page, and if they have bypassed the login page have it prompt them to login at the login page. The catch is that not all pages are PHP, some are pure html, but are secured under a passwd/.htaccess protected folder that you can go directly to and bypass all webpages. Is there a way for .htaccess/mod_rewrite to redirect back to a specific page if that page has not authenticated the user?

For example. I have a folder protected with a .htaccess rule pointing to a passwd file somewhere outside the htdocs directory. I have a login.php that processes a DB login then passes to the .htaccess folder. Someone could circimvent the login page and try to directly login via the protected directory and use just the .htaccess authentication. I want to check to see if they have some sort of variable set (like a session variable) that says they are logged in correctly, if not then force them back to the login.php page.

Is that possible with mod_rewrite?
[/quote]
i just read about mod_rewrite you got to put the session id within the url

i dont think its possable to get mod_rewrite to see if the user is a registred user and then if not redirect them to a page sorry.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.