Jump to content

Recommended Posts

Apologies if I'm posting in the wrong forum.

 

I have a PHP client area, where users log in and see files in their own folder only. This works dandy.

 

If the users click on a direct link to one of the folders or files in their folder, it should request the log in, then proceed to the aforementioned folder or file. Unfortunately, this does not quite work. After log in, users see the top level of their folder, as if they'd logged in normally.

 

I get that I should be passing variables into the PHP script somehow, but I'm at a loss how. Please advise.

 

My htaccess is as follows:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite\.com [NC]
RewriteRule ^(.*)$ http://mysite.com/login.php [R,L]
</IfModule>

 

I'm not sure it it's relevant, but my file layout is as below:

Client Area (login.php)
   |-- Data   (htaccess)
        |-- client1   (client's files are in these folders)
        |-- client2

Let's say a user goes to http://mysite.com/clients/login.php

After they login, they'll see an interface showing whatever files/folders they have.

 

However, if they click on a link: http//mysite.com/clients/data/client1/folder1/file1.txt

They should see a login page, then after login, the file1.txt should display.

 

However, the htaccess just redirects to the login page, so after they login, they see the default interface. As if they logged in normally.

 

I'd like help changing the redirect to somehow pass the "client1/folder1/file1.txt" part of the link to the PHP script.

So you're requiring a login on every single click?  Why?  What possible security can that afford?  Aren't people going to be pissed off at having to type a password every time they do anything on your site?

 

The way I understand it they don't want to have to log-in on every file access, merely that if a user attempts to access a file without being logged in, upon achieving that log-in they should be redirected to the page they originally requested, not the default 'logged in' page you might arrive at by going directly to a login page.

The way I understand it they don't want to have to log-in on every file access, merely that if a user attempts to access a file without being logged in, upon achieving that log-in they should be redirected to the page they originally requested, not the default 'logged in' page you might arrive at by going directly to a login page.

 

Yes, correct! And thanks so much for the help! So simple :P

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.