cgm225 Posted November 13, 2007 Share Posted November 13, 2007 Is there a way to simultaneously authenticate a user using (1) php session (checking against usernames and passwords in a mysql db), and (2) htaccess (with a ht password file). Here is why, if I have the following script and directory structure for a photo gallery script.. --Root directory --gallery.php --album directory --thumbnail.jpg --.htaccess ..I can use php session authentication to protect access to the gallery script so users cannot see the thumbnail.jpg that way; however, a user could still gain access to that thumbnail by directing visiting the /root/album/thumbnail.jpg address, therefore I have included the .htaccess to require a username/password there. This of course then requires a double login (once with a php form, and once with htaccess). Is there a way to unify these two authenitcation processes with a single form and php script? Thank you all in advance. Please let me know if you need any clarification! cgn225 Link to comment https://forums.phpfreaks.com/topic/77188-check-username-and-password-against-phpmysql-and-htaccess/ Share on other sites More sharing options...
cunoodle2 Posted November 13, 2007 Share Posted November 13, 2007 I am pretty sure that you can place a condition in the .htaccess file that states you cannot access the image directly. You may have to research this but I believe it is something like this... RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC] RewriteCond %{HTTP_REFERER} ^http:// [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule \.(jpe?g|gif|png)$ album/index.php [R,L] Basically what that says is that if someone attempts to access a file that ends in .jpeg, .jpg, .gif or .png that it will automatically redirect them to the album/index.php page. Since I image people are never actually just pulling up the image but rather a page SHOWING the image you should be fine. Try it out and let me/us know how it works. Link to comment https://forums.phpfreaks.com/topic/77188-check-username-and-password-against-phpmysql-and-htaccess/#findComment-390816 Share on other sites More sharing options...
cgm225 Posted November 13, 2007 Author Share Posted November 13, 2007 Thank you so much for the help! Follow-up question: If I have the following directory structure.. --root dir --htaccess --media dir --photos --album1 --thumbnails --thumbnail.jpg --album2 --thumbnails --thumbnail.jpg --album3 --thumbnails --thumbnail.jpg Is there a general RewriteCond I could insert in the overarching .htaccess file (under the root dir) to prohibit the direct access of the thumbnail.jpg's in the thumbnails directories regardless of which album they are in? Link to comment https://forums.phpfreaks.com/topic/77188-check-username-and-password-against-phpmysql-and-htaccess/#findComment-390821 Share on other sites More sharing options...
cgm225 Posted November 16, 2007 Author Share Posted November 16, 2007 (bump from Nov 13).. I am still having a problem with what I discussed initially in this post, and have not solved it with htaccess. Any other ideas? Thank you all in advance! Link to comment https://forums.phpfreaks.com/topic/77188-check-username-and-password-against-phpmysql-and-htaccess/#findComment-393163 Share on other sites More sharing options...
cgm225 Posted November 20, 2007 Author Share Posted November 20, 2007 (bump from Nov 13) Link to comment https://forums.phpfreaks.com/topic/77188-check-username-and-password-against-phpmysql-and-htaccess/#findComment-395254 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.