Jump to content


Photo

Passing htaccess authorization with PHP?


  • Please log in to reply
No replies to this topic

#1 js_280

js_280
  • Members
  • PipPipPip
  • Advanced Member
  • 33 posts

Posted 06 March 2006 - 04:04 AM

This may not be the correct forum to post this in, but is there a way to embed a username/password (or pass $PHP_AUTH_USER / $PHP_AUTH_PW) into a php script to redirect a user that has already logged in through a php/mysql portal to an htaccess protected directory WITHOUT having to login through the Apache login prompt? The [a href=\"http://username:password@www.yoursite.com\" target=\"_blank\"]http://username:password@www.yoursite.com[/a] redirect no longer works with IE6 or many other web browsers. I don't have direct access to the htaccess file, so changing the file is not an option.

Basically, I have client folders set up on the webhost and when the client logs in through php/mysql interface, he/she is passed to ./clientdirectory/main.php. When he/she reaches the directory, the php script (main.php) reads all of the files in the directory and creates an html link to download the files. The main.php script checks to see that a session is registered and that the client is in their correct directory, however if someone knew the exact filename of one of the files in that client's folder, they could download it directly by entering the url (www.yoursite.com/client1/file.txt) because their is nothing to check for a registered session or correct directory.

If there is no way to do this, is there a way to prevent the files from being downloaded and still allow scripts to process?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users