setting folder authorization with php

[dtest]

Hi,

 

I have these files:

/httpdocs/login.php

/httpdocs/secret/index.php

 

the login.php is publicly available, but the folder 'secret' is password protected via my webhost's cpanel

 

I would like the script login.php to check my database for the user submitted name and password and then re-direct the user to /httpdocs/secret/index.php WITHOUT the user having to authorize himself again to enter the password protected folder

 

Is there a way to 'forward username and password' in php like this?

[Rithiur]

If by "password protected via my webhost's cpanel" you mean HTTP authentication, then there is basically a way. You can use an url like "http://username:[email protected]/", but there are several problems in it. Firstly, it's not horribly secure, as the username and password will naturally pass through the user (though, not sure if there is much choice here), and secondly it doesn't work in IE.

 

Sadly, for HTTP authentication, I do not know any other way you can automatically pass the data when redirecting.

[dtest]

Hi,

 

Yes you're correct, I mean HTTP authentication

 

That is really too bad that it doesn't work for IE.

 

Does anyone know if there's another way?

[jellis]

Is it possible for you to use sessions to control the access to scripts, then use a script to download out of that folder with permissions set to 0700?

 

That's the way I control document downloads on a couple of the sites I manage.

[dtest]

that's going to be really tricky. in my example I just named one file in the folder "secret" but in fact it's a folder with many files and many subfolders which are all needed to run the /httpdocs/secret/index.php script

 

so that's not really an option