Store the users authenticated directory name in a session from the login form.
Add a mod_rewrite directive to the top level users directory which redirects to a PHP script on attempted direct access to the specified directories.
Use this PHP script to determine if the users session authentication is appropriate for the directory they are trying to access (usually, I would authenticate against encrypted passwords in a database).
If its acceptable, do readdir() from PHP and present an on screen list of files, routed through to another PHP file which actually *delivers* those files to the user when they click on the file names you just read.
Of course, it depends on the types of files you plan on sending, and how deep your directory structure is, exactly how you do this : To maintain consistency, you will need to send the correct mime-type header when a user clicks a file name , then use readfile() to pass them the file data through from PHP.
I still don't know what web server you are using, or even if you plan on using PHP, though ASP can do some of the same things through its filesystem objects as can perl, ColdFusion etc.
Hope that helps, if not, I can program this sort of solution at very reasonable rates ;-))
Cheers - Neil.
At 08:35 17/06/2003 +0000, you wrote:
Message-ID: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Reply-To: "Guru P Chaturvedi" <[EMAIL PROTECTED]> From: "Guru P Chaturvedi" <[EMAIL PROTECTED]> Date: Tue, 17 Jun 2003 13:19:45 +0530 Subject: Re: Subject: Re: User Authentication... MIME-Version: 1.0
Hi Neil,
Well is it basically to collect user name and password from user? What actually i am looking for is skipping this screen and having the same functionality thru a HTML form.
Lemme explain you in details... I have a set of files protected using the Auth Directives. So user's need to provide user name and password to access these files via browser. Now what i am looking at is using HTML form to login like Yahoo! or MSN... but users who login using this method only should be able to access files. Are there any ways of doing this... please help me out in this regard.
Thanks in advance, Guru.
"Neil Smith" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Try this. Please note that on windows you *cannot* raise a http auth box > this way (PHP_AUTH_USER is not defined for Apache on windows), so you will > need to use this on your live unix Apache/PHP server : > > function getUserAuthPW() { > // If present, set user Authenticate Password box values > global $_SERVER; > if (isset($_SERVER["PHP_AUTH_USER"])) { > $username=safestring($_SERVER["PHP_AUTH_USER"]); > $password=safestring($_SERVER["PHP_AUTH_PW"]); > return true; > } else { > header("WWW-Authenticate: Basic > realm=\"CaptionKit\""); > header("HTTP/1.0 401 Unauthorized"); > echo "You must enter a valid login ID and password > to access this resource\n"; > exit; > } > } > > What this does is to check for PHP_AUTH_USER and if it's not defined, > raises a 401 error. The client interprets this as a request to enter user > name & password, and brings up the grey box you see using .htaccess / > .htpasswd files. The function safestring just adds slashes if there are > characters which need escaping for your database (some people might just > 'addslashes()' but I do a little more first, like trim and htmlspecialchars). > > Cheers - Neil Smith. > > Please note : I do not accept email from hotmail, yahoo, AOL or msn > accounts. All such mail *will* be bounced and deleted without being read. > Thankyou for your understanding. > > At 07:36 16/06/2003 +0000, you wrote: > >Message-ID: <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Reply-To: "Guru P Chaturvedi" <[EMAIL PROTECTED]> > >From: "Guru P Chaturvedi" <[EMAIL PROTECTED]> > >Date: Mon, 16 Jun 2003 01:16:53 +0530 > >Subject: Re: User Authentication... > >MIME-Version: 1.0 > > > >Hi, > > > >Any clues...please?!
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
