  1. #1
    Old Fogey mancroft's Avatar
    Join Date
    Oct 2002
    Location
    lost
    Posts
    445
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Subscriber-only access to folders

    The site has a login only for subscribers.

    There is a main folder and a number of sub folders in that.

    I need to protect the main folder and the other folders from access by people who are not subscribers.

    The number of subscribers will increase over time. Their details are in a database.

    What is the best way to prevent unauthorized access bearing in mind that the database of subscribers will need to be checked at every login?

  2. #2
    SitePoint Enthusiast
    Join Date
    Jul 2006
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's tricky to say what's the 'best' solution, but writing your login script to set sessions for users as they log in should provide a reasonable level of validation.
    Radioactive chicken gave me gay.
    Neonbrainiac

  3. #3
    SitePoint Enthusiast
    Join Date
    May 2005
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The quickest way to do this is to write a quick authorization function that sets the session with some sort of variable.

    So...

    ** DB logic to verify that the email/password is correct
    ** If email/password is correct

    PHP Code:
    session_start();
    $url = 'http://yoursupersecurepage.com';
    $_SESSION['account_id'] = $accountId; // set the session information (the "xxx" account id from the DB check)
    header('Refresh: 0; url=' . $url); // redirect to the protected page
    exit;

    Then write a small file that you can include on top of the protected pages with

    PHP Code:
    session_start();
    function checkLogin() {
        /* Username and password have been set */
        if (isset($_SESSION['account_id'])) {
            return true;
        } else {
            return false;
        }
    }
    Then if the function is true the person is logged in, otherwise do not display the page.
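
The session approach described in the post above, as an added example that is not part of the original thread: it checks credentials against the subscriber database, issues a fresh session id at login, and stops the script after the redirect. The table and column names (subscribers, email, password_hash), the /login.php URL and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. Table/column names and the
// login URL are assumptions; the demo data at the bottom is constructed.
declare(strict_types=1);

/** Check credentials against the subscriber table; return the account id or null. */
function authenticate(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM subscribers WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() compares against a hash created with password_hash()
    if ($row && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

/** Call after authenticate() succeeds: bind the account to a fresh session. */
function logIn(int $accountId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    session_regenerate_id(true); // new id at login, so a pre-set id is useless
    $_SESSION['account_id'] = $accountId;
}

/** Call at the top of every protected page, before any output is sent. */
function requireLogin(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if (!isset($_SESSION['account_id'])) {
        header('Location: ' . $loginUrl);
        exit; // without exit, the rest of the protected page still runs
    }
}

// Constructed demo (CLI only): in-memory SQLite with one subscriber.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
    $db->prepare('INSERT INTO subscribers (email, password_hash) VALUES (?, ?)')
       ->execute(['reader@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    var_dump(authenticate($db, 'reader@example.com', 'correct horse'));
    var_dump(authenticate($db, 'reader@example.com', 'wrong'));
}
```

The guard only covers requests that execute PHP: static files in the protected folders (PDFs, images) are served by the web server directly, so they need to live outside the web root and be streamed by a guarded script, or be protected at the server level.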

  4. #4
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hm, or perhaps folders and subfolders suggests that you want to handle it with Apache authentication? Perhaps you could maintain a .htpasswd file, but with a large user base it is really a better idea to simply use sessions as the guys above suggest.
    Saul

  5. #5
    Old Fogey mancroft's Avatar
    Join Date
    Oct 2002
    Location
    lost
    Posts
    445
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, fossil.

    Good idea.

    Quote Originally Posted by php_daemon View Post
    Hm, or perhaps folders and subfolders suggests that you want to handle it with Apache authentication? Perhaps you could maintain a .htpasswd file, but with a large user base it is really a better idea to simply use sessions as the guys above suggest.
    Yep, I thought about .htpasswd but wanted something simpler.