.htaccess PHP - Hobe it make sence.

Discussion in 'Server Operation' started by Joe-Montana, Nov 3, 2005.

  1. Joe-Montana

    Joe-Montana New Member

    Hey All

    i would like to use .htaccess to protect a folder, i know how to do it with the, "htpasspwd" and put the .htaccess in the folder.

    Is there any way that i can get htaccess to include a php file to check user and password. instead of using the htpasspwd file


    ##### if u know what i mean ################

    AuthName "restricted stuff"
    AuthType Basic
    AuthUserFile userfile.php

    require valid-user

    ####################

    ########## userfile.php #######
    <?php

    //prevents caching
    header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: post-check=0, pre-check=0",false);
    session_cache_limiter();
    session_start();

    require('../../siteuser/config.php');
    require('../../siteuser/functions.php');

    if (allow_access(user) != "yes") {
    {
    include ('../../siteuser/no_access.html');
    exit;
    }
    ?>

    Hobe it make sence.

    Best Regard

    Joe Montana
     
  2. falko

    falko Super Moderator Howtoforge Staff

    No that doesn't work. Have a look here: http://httpd.apache.org/docs/1.3/mod/mod_auth.html

    It reads:
    But you can do authentication with PHP, without .htaccess. It works like this:

    PHP:
    <?
        
    // checks if you have entered a username and a password
        
    if (!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_PW'])
        {
            
    // if empty, send header causing dialog box to appear
            
    header('WWW-Authenticate: Basic realm="Admin"');
            
    header('HTTP/1.0 401 Unauthorized');
            echo 
    "Authorization Required.";
            exit;
        }
        else
        {
            
    // check if the username and password are correct
            
    if (($_SERVER['PHP_AUTH_USER'] == "demo") && ($_SERVER['PHP_AUTH_PW'] == "demo"))
            {
                
    // dispay happy message and admin stuff
                
    echo "Welcome!";
            }
            else
            {
                
    // display angry message for invalid user
                
    die("Oops! That didn't work...");
            }
        }
    ?>
     
  3. Joe-Montana

    Joe-Montana New Member

    Thaks again Falko,

    Ok it´s maby me that eksplain it a bad way, the php script i have inlcude works fine as long as i include it on a site that i want to protect.


    ########## www.mysite.dk/user/index.php #######
    <?php

    //prevents caching
    header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: post-check=0, pre-check=0",false);
    session_cache_limiter();
    session_start();

    require('../../siteuser/config.php');
    require('../../siteuser/functions.php');

    if (allow_access(user) != "yes") {
    {
    include ('../../siteuser/no_access.html');
    exit;
    }
    ?>
    <HTML>
    <HEAD>
    <TITLE>mysite</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1251">

    </HEAD>
    <BODY BGCOLOR=#999999

    <iframe src="/user/main.php" frameborder="0" name="main" scrolling="no" height="1000" width="902"></iframe>

    </BODY>
    </HTML>
    ################################

    My php script checks in my sql database if user is loocked in.

    connect to www.mysite.dk you will meet a normal form for user and password, if user is ok it will redirect to www.mysite.dk/user/index.php everything is god and work.


    Now ex. if you connect direct to www.mysite.dk/user/index.php it meet the php script i have include, and if you not are loocked ind it will send you to www.mysite.dk. Everything is fine so fare.

    The problem is that you can still get access to www.mysite.dk/user/audio.mp3

    I would like to put a file in that folder (www.mysite.dk/user/) that no mater what, the server will read that file first and in that file i will include my php script.

    Hobe You understand, and sorry about my spelling

    /Joe
     
  4. falko

    falko Super Moderator Howtoforge Staff

    You could write a script that is run by a con job and reads your users and their passwords from the database and puts them into a plain text file which you can include in your .htaccess file (see http://httpd.apache.org/docs/1.3/mod/mod_auth.html ).
     

Share This Page