Jump to content

need help protecting directorys without having a dual login system.


Sade

Recommended Posts

Here's the case:

I'm working on a new version of my website, this time with a php/mysql-login-system.
On my old site i use .htaccess to password protect certain directories.
In the new site i would like a similar sort of protection but i don't want two login systems side by side.
When thats the case, a user first needs to logon to the site and then when he/she reaches a protected part also needs to http_auth.
This causes confusion, and since i have this nice php login system now i would like to use that site-wide.

for most parts of the site i'm able to stop navigation to the protected parts, but somewone can still enter the url manually and thus get to the files.

So can someone help me with this?
ether a way to control .htaccess through php.
or another way to protect files and directorys in a way that logged in users can still reach them.


I don't realy know what information or code i should supply for better understanding, so i start by this:
-
The server is on my own machine(@home) running:
-
OS: gentoo
-
Server version: Apache/2.0.58
Server built:  Jul 31 2006 17:14:51
-
PHP 5.1.4-pl6-gentoo (cli) (built: Sep  6 2006 13:36:40)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
-
mysql  Ver 14.7 Distrib 4.1.21, for pc-linux-gnu (i686) using readline 5.1
Link to comment
Share on other sites

you can use sessions to verify a user when they get to web pages that way there userid is always available to run against the db to see if they have access to the particular page.

I use it to secure a database application I wrote. Keeps users away from certain forms.

Can throw you an example if needed.

Ray
Link to comment
Share on other sites

people can still access the files if they use a direct url with that method.

for instance, when i have this upload section for a selection of users. I wan't them to be able to reach there files. I can't put a <?if ($_SESSION).....?> in the top of the file. So when somebody uses a direct url they can download the file.
i can protect this with a .htaccess, but then the user can't reach the file unless they know the .htaccess pass.

and for stuff like jinzora, i would like to protect the jinzora folder but i don't want to use the jinzora user system on top of my own.
Link to comment
Share on other sites

Hmm,  What I am trying to implement is built into my framework structure, that only has a few client executable scripts that then go off and include other scripts into the original script, depending on their autorisation level.  That way the user wouldn't even need to put in the .htaccess pass.  I think this is similar to what you want, but I'm going down the OOP route.

Structure -->
    |
    +-classes
    +-scripts
    +-templates
    +-libs
    +-httpd
    |    +-images
    |    +style.css
    |    +index.php

So all they have access to is index.php images and the style sheet, so index just includes another application backbone file that sorts out all the pages and templates all done behind closed doors based on the authentication you set.  Good Luck
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.