Allow secure access to entire directory

[capella07]

Hello, all

 

I was using .htaccess to restrict clients to be able to access their site as I develop it. Each client's site is in its own folder on my "dev" subdomain. It worked, but I wanted a more professional look to the login setup and it was getting hairy managing multiple clients and folders.

 

So I created a PHP/MySQL login system that allows my clients to access their Web site. The user goes to a common login page and the php logic checks the database for the folder assigned to that user and redirects them to that folder. For that to work, this code has to be at the top of every page:

<?
session_start();
if (($_SESSION['folder'] == '') || !($_SESSION['folder'] == 'CLIENTSFOLDER')) {
	header("Location: login.php");
}
?>

 

As you can see, if the user tries to access (or is somehow directed to) a particular file, to access it they have to be logged in and they have to have the defined folder in their database record.

 

What I'm wondering is if there is a way, using a PHP login setup similar to what I have in place, to restrict access to an entire folder - similar to how .htaccess/.htpasswd does it - rather than having to put the session check code on every page in the folder.

 

I hope I'm making sense! Let me know if you have any questions.

 

Thanks for any help/suggestions.

 

[jl5501]

do you not already have a common header file that every file in the folder includes, which the check code could go in?

 

 

[capella07]

 

I certainly do, and that's currently how I have it set up.

 

I'm just wondering if there is some way I can get the security system more separated from the client's files.

 

Thanks for the quick reply!