Re: [PHP] How to keep unauthorized viewers out

Miles Thompson Tue, 16 Jan 2001 15:58:55 -0800
Nathan,

Thanks for your reply ...

At 04:53 PM 01/16/2001 -0700, Nathan Cook wrote:
>how do they authenticate?  VIA http or a subsequent page?

HTTP authentication,using
  Header("WWW-authenticate: basic realm=\"Business Today\"")

>Whichever it is, there are variables associated with each check for those
>variables before loading.

Yes I'm using $PHP_AUTH_USER and $PHP_AUTH_PW. But I can only check for 
those within a script, not in a straight HTML page. (Although I suppose I 
could change all the page extensions to .php and put a check for these 
var's at the very top and redirect to  the login script if they are not 
present.)

Alternately, I suppose I could create a session ID, following a successful 
login. I really don't want to invoke .htaccess.

Miles

>-----------------------------------------------------------------------
>.:: Nathan Cook                            - Network/Security Admin
>office:  208.343.3110                   - Web Programmer
>email:   [EMAIL PROTECTED]         - Qmail Admin
>pager:  208.387.9983                   - MIS Admin
>-----------------------------------------------------------------------
>----- Original Message -----
>From: "Miles Thompson" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, January 16, 2001 4:49 PM
>Subject: [PHP] How to keep unauthorized viewers out
>
>
> > I'm using a pretty simple linking system for a subscription-based
> > newsletter site.
> >
> > Stories and articles are in straight html files, reached by links from the
> > front page. Clicking on a link passes a story number. So the second story
> > on the index page would have this link: <A HREF="./story.php?storynum=2">
> >
> > and story.php consists of just these lines:
> >
> > <? include "auth.inc" ;
> > include "header.inc" ;
> > include $storynum.".htm" ;
> > include "footer.inc" ;
> > ?>
> >
> > If someone comes in the "right way", through the index page, they will
>have
> > to be authenticated, then the header, article and page footer are
>displayed.
> >
> > There's nothing, however, to stop someone from typing an URL like this:
> > http://www.somepub.ca/2.htm and seeing the article. I assume they could
> > also come in that way via a search engine.
> >
> > Any suggestions on how to stop that? Resources I should look at? I do want
> > to keep the stories in straight html as the editor is struggling now with
> > basic layout, etc.
> >
> > Regards - Miles Thompson
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How to keep unauthorized viewers out

Reply via email to
