need help protecting directorys without having a dual login system.
Posted 26 September 2006 - 07:34 PM
I'm working on a new version of my website, this time with a php/mysql-login-system.
On my old site i use .htaccess to password protect certain directories.
In the new site i would like a similar sort of protection but i don't want two login systems side by side.
When thats the case, a user first needs to logon to the site and then when he/she reaches a protected part also needs to http_auth.
This causes confusion, and since i have this nice php login system now i would like to use that site-wide.
for most parts of the site i'm able to stop navigation to the protected parts, but somewone can still enter the url manually and thus get to the files.
So can someone help me with this?
ether a way to control .htaccess through php.
or another way to protect files and directorys in a way that logged in users can still reach them.
I don't realy know what information or code i should supply for better understanding, so i start by this:
The server is on my own machine(@home) running:
Server version: Apache/2.0.58
Server built: Jul 31 2006 17:14:51
PHP 5.1.4-pl6-gentoo (cli) (built: Sep 6 2006 13:36:40)
Copyright © 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright © 1998-2006 Zend Technologies
mysql Ver 14.7 Distrib 4.1.21, for pc-linux-gnu (i686) using readline 5.1
Posted 26 September 2006 - 07:43 PM
I use it to secure a database application I wrote. Keeps users away from certain forms.
Can throw you an example if needed.
Posted 28 September 2006 - 09:52 AM
for instance, when i have this upload section for a selection of users. I wan't them to be able to reach there files. I can't put a <?if ($_SESSION).....?> in the top of the file. So when somebody uses a direct url they can download the file.
i can protect this with a .htaccess, but then the user can't reach the file unless they know the .htaccess pass.
and for stuff like jinzora, i would like to protect the jinzora folder but i don't want to use the jinzora user system on top of my own.
Posted 28 September 2006 - 10:14 AM
So all they have access to is index.php images and the style sheet, so index just includes another application backbone file that sorts out all the pages and templates all done behind closed doors based on the authentication you set. Good Luck
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users