I would put it in the subsequent include page.
if($PHP_AUTH_USER)
{
includes();
}
else
{
print("You are not authorized to view this page");
}
-----------------------------------------------------------------------
.:: Nathan Cook - Network/Security Admin
office: 208.343.3110 - Web Programmer
email: [EMAIL PROTECTED] - Qmail Admin
pager: 208.387.9983 - MIS Admin
-----------------------------------------------------------------------
----- Original Message -----
From: "Miles Thompson" <[EMAIL PROTECTED]>
To: "Nathan Cook" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, January 16, 2001 5:13 PM
Subject: Re: [PHP] How to keep unauthorized viewers out
> Nathan,
>
> Thanks for your reply ...
>
> At 04:53 PM 01/16/2001 -0700, Nathan Cook wrote:
> >how do they authenticate? VIA http or a subsequent page?
>
> HTTP authentication,using
> Header("WWW-authenticate: basic realm=\"Business Today\"")
>
> >Whichever it is, there are variables associated with each check for those
> >variables before loading.
>
> Yes I'm using $PHP_AUTH_USER and $PHP_AUTH_PW. But I can only check for
> those within a script, not in a straight HTML page. (Although I suppose I
> could change all the page extensions to .php and put a check for these
> var's at the very top and redirect to the login script if they are not
> present.)
>
> Alternately, I suppose I could create a session ID, following a successful
> login. I really don't want to invoke .htaccess.
>
> Miles
>
> >-----------------------------------------------------------------------
> >.:: Nathan Cook - Network/Security Admin
> >office: 208.343.3110 - Web Programmer
> >email: [EMAIL PROTECTED] - Qmail Admin
> >pager: 208.387.9983 - MIS Admin
> >-----------------------------------------------------------------------
> >----- Original Message -----
> >From: "Miles Thompson" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Tuesday, January 16, 2001 4:49 PM
> >Subject: [PHP] How to keep unauthorized viewers out
> >
> >
> > > I'm using a pretty simple linking system for a subscription-based
> > > newsletter site.
> > >
> > > Stories and articles are in straight html files, reached by links from
the
> > > front page. Clicking on a link passes a story number. So the second
story
> > > on the index page would have this link: <A
HREF="./story.php?storynum=2">
> > >
> > > and story.php consists of just these lines:
> > >
> > > <? include "auth.inc" ;
> > > include "header.inc" ;
> > > include $storynum.".htm" ;
> > > include "footer.inc" ;
> > > ?>
> > >
> > > If someone comes in the "right way", through the index page, they will
> >have
> > > to be authenticated, then the header, article and page footer are
> >displayed.
> > >
> > > There's nothing, however, to stop someone from typing an URL like
this:
> > > http://www.somepub.ca/2.htm and seeing the article. I assume they
could
> > > also come in that way via a search engine.
> > >
> > > Any suggestions on how to stop that? Resources I should look at? I do
want
> > > to keep the stories in straight html as the editor is struggling now
with
> > > basic layout, etc.
> > >
> > > Regards - Miles Thompson
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> > >
> > >
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
