Hey All i would like to use .htaccess to protect a folder, i know how to do it with the, "htpasspwd" and put the .htaccess in the folder. Is there any way that i can get htaccess to include a php file to check user and password. instead of using the htpasspwd file ##### if u know what i mean ################ AuthName "restricted stuff" AuthType Basic AuthUserFile userfile.php require valid-user #################### ########## userfile.php ####### <?php //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); require('../../siteuser/config.php'); require('../../siteuser/functions.php'); if (allow_access(user) != "yes") { { include ('../../siteuser/no_access.html'); exit; } ?> Hobe it make sence. Best Regard Joe Montana
No that doesn't work. Have a look here: http://httpd.apache.org/docs/1.3/mod/mod_auth.html It reads: But you can do authentication with PHP, without .htaccess. It works like this: PHP: <? // checks if you have entered a username and a password if (!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_PW']) { // if empty, send header causing dialog box to appear header('WWW-Authenticate: Basic realm="Admin"'); header('HTTP/1.0 401 Unauthorized'); echo "Authorization Required."; exit; } else { // check if the username and password are correct if (($_SERVER['PHP_AUTH_USER'] == "demo") && ($_SERVER['PHP_AUTH_PW'] == "demo")) { // dispay happy message and admin stuff echo "Welcome!"; } else { // display angry message for invalid user die("Oops! That didn't work..."); } } ?>
Thaks again Falko, Ok it´s maby me that eksplain it a bad way, the php script i have inlcude works fine as long as i include it on a site that i want to protect. ########## www.mysite.dk/user/index.php ####### <?php //prevents caching header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: post-check=0, pre-check=0",false); session_cache_limiter(); session_start(); require('../../siteuser/config.php'); require('../../siteuser/functions.php'); if (allow_access(user) != "yes") { { include ('../../siteuser/no_access.html'); exit; } ?> <HTML> <HEAD> <TITLE>mysite</TITLE> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1251"> </HEAD> <BODY BGCOLOR=#999999 <iframe src="/user/main.php" frameborder="0" name="main" scrolling="no" height="1000" width="902"></iframe> </BODY> </HTML> ################################ My php script checks in my sql database if user is loocked in. connect to www.mysite.dk you will meet a normal form for user and password, if user is ok it will redirect to www.mysite.dk/user/index.php everything is god and work. Now ex. if you connect direct to www.mysite.dk/user/index.php it meet the php script i have include, and if you not are loocked ind it will send you to www.mysite.dk. Everything is fine so fare. The problem is that you can still get access to www.mysite.dk/user/audio.mp3 I would like to put a file in that folder (www.mysite.dk/user/) that no mater what, the server will read that file first and in that file i will include my php script. Hobe You understand, and sorry about my spelling /Joe
You could write a script that is run by a con job and reads your users and their passwords from the database and puts them into a plain text file which you can include in your .htaccess file (see http://httpd.apache.org/docs/1.3/mod/mod_auth.html ).