At 21:12 01.03.2003, Philip J. Newman said:
--------------------[snip]--------------------
>Is there a way that i can restrict access to an entire directory using
>PHP/MYSQL so only valid users in the Database can have access to a resource?
--------------------[snip]--------------------
1) Put that folder outside the document root of your webserver so they
cannot be retrieved by accessing their URL directly
2) After authenticating, server the files using readfile() or similar.
You could even use the ErrorDocument directive in Apache to run this.
Consider this deirectory layout:
~newmanpj/
+ -- htdocs <== the web root (home of hidden_files.php)
| + -- hidden_files <== an empty directory, only .htaccess
available
|
+ -- hidden_files <== the directory holding your files
The .htaccess file within the hidden directory contains
ErrorDocument 404 /hidden_files.php
Now when a user requests
http://www.newmanpj.com/hidden_files/somestuff.html, the hidden_files.php
will be triggered by apache, having $_SERVER['REDIRECT_URL'] set to the
requested URL.
hidden_files.php does the following:
1) Check if the request is for a hidden file:
No => serve a general 404 Error message
Yes => continue
2) Check authentication:
Not authenticated => goto login (or return 401 Authenticate)
Yes - readfile(requested_file)
Hope this helps,
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
