Protected Directory...

Fix it!!

Protected Directory...

Postby clievers » Fri Jul 28, 2006 12:08 pm

Hello,

Problem:

I need to have password protection on a directory and all of its content and subfolders. Essentially it's a "client area" of a website. In this directory will contain regular php script files to display pages, but there will also be links to PDF files, and regular html websites for beta-testing, etc.

I need to be able to say http://www.site.com/client/client1/* is locked down to only those client1 users specified in a mysql database. For PHP scripts this should be fairly simple in that you can write code at the beginning to check for this. But links to PDF files, as well as running HTML files in these folders can't be handled by PHP.

Is there some sort of way for mod_rewrite to transfer execution to a PHP script where I can verify the user is logged in and accessing the correct sub directory, then if so continue execution otherwise go to the login page?

Please Note: I cannot use .htaccess/htpasswd/htgroup files for this because I cannot have the standard little authentication box "pop" up. It needs to be done through PHP forms.

Thanks very much in advance.
Cory
clievers
 
Posts: 1
Joined: Fri Jul 28, 2006 12:05 pm
Location: Calgary, AB, Canada

Postby richardk » Fri Jul 28, 2006 3:07 pm

Something like this, in a .htaccess file in the /clients directory:
Code: Select all
Options +FollowSymLinks

RewriteEngine On

# file extensions in the () seperated by a |
RewriteRule \.(html|pdf)$ /clients/file-auth.php [L]

All requests for .html or .pdf are sent to /clients/file-auth.php, you can work out the requested file with $_SERVER['REQUEST_URI'].
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 4 guests

cron