SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Jan 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    password protect directory without .htaccess

    I'm trying to build a password protected area on my site. I can password protect the individual php files no problem, but I have multiple swf, pdf & zip files as well and I need to make sure that these can only be accessed once the user has logged in.

    I can get this all to work no problem if I use .htaccess

    The issue I have is that I need to be able to let the user logout (using a button) as this will be used on public computer within a school, something that can't be done with .htaccess

    If anyone can help me out, or point me in the direction of a free or commercial script I'd really appreciate it as I'm pulling my hair out with this

  2. #2
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Hi,

    There may well be better solutions out their, although this is what I have done in the past to make this work:
    1. Implement phpseclib to communicate with the server using SSH
    2. Users for the application are bound to the Linux (UNIX) users rather than a database of users
    3. Jail the SSH for authenticated users to the directories they are allowed
    4. Create a login that passes shell commands to login or reject users
    5. Maintain user login status via a state.


    If you have never worked with this type of thing before, all I can say it was a little hairy for me. The documentation for phpseclib is ok but not great. A good understanding of Linux really helped me here. Also, not many people do this, so there was not a lot on the web that could help. Things might be different in this regard nowadays?

    Regards,
    Steve
    ictus==""

  3. #3
    SitePoint Member
    Join Date
    Jan 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for the info... its a little bit out of my league I think tho

  4. #4
    SitePoint Wizard gRoberts's Avatar
    Join Date
    Oct 2004
    Location
    Birtley, UK
    Posts
    2,439
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can use .htaccess files

    I am doing something very similar to you on a project I have already. It's not 100% secure, but it helps.

    Code:
    RewriteEngine onRewriteCond %{HTTP_COOKIE} !abcd=1 [NC]
    RewriteRule ^(.*)$ /login/1 [R,L]
    If you place a .htaccess file with the above text in the directory that you want to protect, any resource accessed inside that directory will require that you have a cookie called 'abcd'.

    You can set this cookie on login and you can remove it on logout, thus giving you the control you need.

    I've set it as 'abcd', although you will want to change it to suit your own needs.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •