Karen J. Cravens wrote:
On Wed, 3 Sep 2003, Puneet Kishor wrote:
PK>I know this is asking for a basic course in creating a password
PK>protected website -- if someone could provide a link to such an article
PK>(esp. if it deals with H::T-specific issues, if any -- for example,
PK>.tmpl files are not cgi scripts, so how could they be protected, etc.)
PK>that would be great.
Most of this doesn't even need to be done at the script level, much less H::T... just use the .htaccess file to secure the directory (or directories) at the server level. Scripts can retrieve the (already verified) username from the environment variables if they need to look things up in a database.
Thanks Karen. The problems with .htaccess are --
1. A separate file/db to store the username/password info. I want to store all user-related info (username, password, and a boatload of personalization info such as favorite color and firstname, etc.) in the same database table that I can safely backup or move to another server, etc.
2. As I understand, using AuthType Basic with .htaccess allows you to login but not logout (that's what I gathered from Apache docs, although I might be confused over this).
oh... and another problem with .htaccess I forgot to mention --
once you are in, you are in for everything. So, as I mentioned in my original query -- "How do I prevent the user from going directly to mywebsite/foo.tmpl or whatever else? "
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Html-template-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/html-template-users
