Php Folder Security

[jandrews3]

  Currently for file protection inside a folder I am attaching a hidden variable split up, scrambled and re-assembled and transmitted in links between pages on a website. Example: http:www.cnn.com?validate=4485jd02843yfdj384

Only the re-encoding element of each page knows how to re-assemble the validate variable and tests parts of it for authenticity. Since parts of it rely on the accuracy of date() elements and the users member id (split up), it provides good security. BUT ...

 

  I need to take over an ISP's folder security. They use the .htaccess method to protect a folder. This would be great but I have NO experience with it, and they say I cannot link the .htaccess method to a mysql database. Does PHP offer a way to protect a folder so I don't have to protect each file in it individually? THIS IS A BIG QUESTION FOR ME! Thanks!

[fanfavorite]

You cannot protect folders with php scripts, you can only protect php files.  I suggest you research .htaccess it is fairly simple.   

 

Now .htaccess can read from a mysql database.  You need the the module mod_auth_mysql.  Check your host.

 

How to use:  http://www.modwest.com/help/kb1-161.html

 

If you do not have that module.  The only other workaround I can think of is to use .htaccess to only allow links through your domain.  This means that people linking from another domain or going directly to the url will not work unless they are on your site.  The code is:

 

SetEnvIf Referer mydomain.com internal

 

<Limit GET POST>

order deny,allow

deny from all

allow from env=internal

</LIMIT>