cgm225 Posted November 13, 2007 Share Posted November 13, 2007 Is there a way to simultaneously authenticate a user using (1) php session (checking against usernames and passwords in a mysql db), and (2) htaccess (with a ht password file). Here is why, if I have the following script and directory structure for a photo gallery script.. --Root directory --gallery.php --album directory --thumbnail.jpg --.htaccess ..I can use php session authentication to protect access to the gallery script so users cannot see the thumbnail.jpg that way; however, a user could still gain access to that thumbnail by directing visiting the /root/album/thumbnail.jpg address, therefore I have included the .htaccess to require a username/password there. This of course then requires a double login (once with a php form, and once with htaccess). Is there a way to unify these two authenitcation processes with a single form and php script? Thank you all in advance. Please let me know if you need any clarification! cgn225 Quote Link to comment Share on other sites More sharing options...
cunoodle2 Posted November 13, 2007 Share Posted November 13, 2007 I am pretty sure that you can place a condition in the .htaccess file that states you cannot access the image directly. You may have to research this but I believe it is something like this... RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] RewriteCond %{HTTP_REFERER} ^http:// [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule \.(jpe?g|gif|png)$ album/index.php [R,L] Basically what that says is that if someone attempts to access a file that ends in .jpeg, .jpg, .gif or .png that it will automatically redirect them to the album/index.php page. Since I image people are never actually just pulling up the image but rather a page SHOWING the image you should be fine. Try it out and let me/us know how it works. Quote Link to comment Share on other sites More sharing options...
cgm225 Posted November 13, 2007 Author Share Posted November 13, 2007 Thank you so much for the help! Follow-up question: If I have the following directory structure.. --root dir --htaccess --media dir --photos --album1 --thumbnails --thumbnail.jpg --album2 --thumbnails --thumbnail.jpg --album3 --thumbnails --thumbnail.jpg Is there a general RewriteCond I could insert in the overarching .htaccess file (under the root dir) to prohibit the direct access of the thumbnail.jpg's in the thumbnails directories regardless of which album they are in? Quote Link to comment Share on other sites More sharing options...
cgm225 Posted November 16, 2007 Author Share Posted November 16, 2007 (bump from Nov 13).. I am still having a problem with what I discussed initially in this post, and have not solved it with htaccess. Any other ideas? Thank you all in advance! Quote Link to comment Share on other sites More sharing options...
cgm225 Posted November 20, 2007 Author Share Posted November 20, 2007 (bump from Nov 13) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.