Jump to content

different logins for different directories - one landing page


Recommended Posts

sorry you guys, but another question here from a mildly-talented PHP user.....

I started designing a website for someone with wordpress, however like all 3rd party apps, it's very limited in what it can do when a need arises that is complex in nature, which is what I have.  I'm using GoDaddy as a hosting company and their cPanel tool can't do this, so I must use PHP or something similar to get it done.  Here's what I've got:

=> I have many dirs and subdirs on my site. the reason for this is to partition/separate out many files that cover a wide variety of topics.  so the addresses look kind of like this:

> www.domain.com/content/software/ms-office/ms-access
> www.domain.com/content/software/ms-office/ms-access/advanced/code-samples
> www.domain.com/content/software/ms-dot-net/visual-studio

What I would like to do, because the site won't be available to the general public for a few months yet, is give people who want to know what the site is about a preview of what they will see in 3 months.  But these people always have only one discipline/focus for their job.  So I'd like to let them look at the content on the site that is only relevant to their expertise (for instance, like above, the "ms-access" dir), because I can't be showing them the other free resources offered by the site owner, especially if the owner brings in revenue for his business using that knowledge.  

So in the above example, how could I use PHP/MYSQL to issue separate usernames and passwords for 2 different people => 1 that wants to look at ms access content (they would only have access to "ms-office/ms-access" and "advanced/code-samples"), and 1 that wants to look at visual studio content ("ms-dot-net/visual-studio")??  Ideally what I'd like to do is only have to issue one password *per* software category dir, and have that password work for any other nested dirs lower than that.  So in the above example, giving credentials for access would allow the user to view any page on, or nested below the dir "ms-access".  If they try to view any file in any other dir, regardless of whether it is higher or lower on the directory tree, I want to block them.  Can this be done?  GoDaddy's tool can't do it.

It would also be nice if I could issue a universal redirect to a landing page/login page as the result given to a user that tries to access any given page on this website for the first time, if they typed in a literal URL instead of going to the homepage.  I hope you guys can help me figure this out, or maybe point me to some good internet resources where I can learn how to do it myself.  thanks!  (by the way, I know I can use PHP/MYSQL to produce dynamic pages with query strings, but I just chose this method to make it easier for the next developer to follow, because they're not that intellectual)

Do you need a full user authentication system with registration and login and all that? Or will you be granting access to a fairly small number of people that is unlikely to change? Because if you're using Apache (you probably are) then there's a stupid easy way to do this using its built-in HTTP Basic authentication.

req,

I'm sorry it took forever for me to get back to you on this.  to answer you....this page will be looked at by many people.  I need a different UN and PASS for each directory.  "subdirectory", that is, that, is each nested underneath the root site name:  e.g. => www.domain.com

I'm assuming the simple-stupid apache method for this would not be appropriate, correct?  this is a bit more complex than "stupid" methods....thanks.

Yes, a different username and password for the different directories, but do you also need a different username and password for each person? If so, how many people and do you need a full user system where they can log in and change passwords and whatever, or can you simply assign them passwords and that's the end of it?

well here's what it is, requinix....

.....I have a site that has "index.php" files inside each subdir.  so the architecture looks similar to this:

www.domain.com

=> www.domain.com/concept1/program1/
=> www.domain.com/concept1/program1/advanced
=> www.domain.com/concept1/program1/tutorials

=> www.domain.com/concept2
....(same as above)

so....someone will contact me that is trained in program1 and want to learn more about that program.  I would then want to give them access to these dirs ONLY:

www.domain.com/concept1/program1
www.domain.com/concept1/program1/advanced
www.domain.com/concept1/tutorials

but I would *not* want that same user to have access to these dirs:

 

www.domain.com
www.domain.com/concept2

so....is this even possible with PHP/MYSQL??   in general, the password given to this examples user I'm referring to in this post would be the exact same password given to anyone that wanted to learn about program1.   thus, it would *not* be a different password for each person.  but rather, a different password for each *dir* and its associated *subdirs*.   thanks requinix!

Edited by ajetrumpet
9 minutes ago, ajetrumpet said:

thus, it would *not* be a different password for each person

So the answer to the question I asked is "no, I do not want a different username/password for each person".

Let's try another one and see if we can reach the answer with fewer posts this time: Are you using Apache?

13 minutes ago, requinix said:

So the answer to the question I asked is "no, I do not want a different username/password for each person".

Let's try another one and see if we can reach the answer with fewer posts this time: Are you using Apache?

YES.

sorry for the long winded answer, requinix.  I know you tech experts like it simple in the manner of "question-answer".  😃

Yes, it's true that we do like quick answers, but only to quick questions: very often the background information is not just useful but even significant and can affect what advice should be given.

Your criteria are that you have an authentication system that is applied for individual directories where one username and password (each) is sufficient, and that you are using Apache. Right?
https://cwiki.apache.org/confluence/display/HTTPD/PasswordBasicAuth

You can set up a single file containing all the information for all the directories, each one with a different "username", then instead of Require-ing any valid user, you require the specific "username" for that directory.

that looks like something similar to what I need, req.  however, a part of that page says this:

Quote

Assuming a DocumentRoot value of "/srv/httpd/htdocs",

this website is hosted with GoDaddy, and I have no idea if I have access to that dir or those appropriate files.   this is on a shared server, and goDaddy tells me that access to deep level config files under that kind of hosting account is not possible.  the root dir on this website, per an FTP client, is:

public_html

however, there *is* a directory underneath that root called:

.htpasswds

the apache version they have is 2.4.33

it looks like we're on the right track then here, no?

Edited by ajetrumpet

You have a directory called ".htpasswds" that already exists? Then there is some mechanism already in place to do what I'm talking about.

Do you see anything about password protecting directories in CPanel?

1 minute ago, requinix said:

Do you see anything about password protecting directories in CPanel?

I *do* have the option to password protect different directories, however I tried this long ago and it doesn't work because if I protect the root and then protect a subdir underneath that root with another pw, the pw for the root is used for both.   the pw for root takes precedence over every other one.  thus, goDaddy's tool can't do this.  see attached image, or here:

https://drive.google.com/file/d/1RF8KnyP5tKzdG-R0Axrr116E-L-iYeFr/view?usp=sharing

cPanel_pw_protect_option.jpg

I won't when i get your solution implemented.  I currently have a pw on the root via the method I just showed you, using goDaddy's tool in that image.  but that doesn't work, as stated.

Edited by ajetrumpet

Req,

In that resource you pointed me to, it looks like everything that has to be done is being done through the command line and the appropriate statements in it.  is that correct?  is this a common way to do things when working with a server directly?

req,

I just want to make sure that these 2 things are not related.  it doesn't make sense that they would be.  Are the "allowed PHP modules" on a shared server related at all to the HTTPD software implementations listed here?  https://en.wikipedia.org/wiki/Httpd .  Your instruction guide says it is HTTPD.  considering that HTTP is a protocol and PHP is a language, I'm thinking this is completely irrelevant.

from GoDaddy:

https://techmipro.com/php-mods-on-godaddy-shared-hosting/

Edited by ajetrumpet
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.