On Sun, 2010-08-15 at 22:15 +0430, Ali Asghar Toraby Parizy wrote:

> all files (web pages, pictures, and exe files) and folders in a directory
> should be protected against anonymous users.
> I create an application with php and mysql for registered users. when a user
> registers it's information will be saved in database and its username and
> password will be added to .htpass file. so registered users can reach
> protected area.
> But browser prompts login dialog, when users want to access this folder. How
> can I run login process with php.
> Thanks
> 
> 
> On Sat, Aug 14, 2010 at 4:23 PM, chris h <chris...@gmail.com> wrote:
> 
> > it sounds as if apache - or whatever your http server is - is not aware of
> > your php script.  All apache knows is that someone is trying to access a
> > directory or file that is protected, it does not know that it should send
> > that request to the php script for a login.
> >
> > What are the protected resources that you want a login for?
> >
> >
> > On Sat, Aug 14, 2010 at 1:52 AM, Ali Asghar Toraby Parizy <
> > aliasghar.tor...@gmail.com> wrote:
> >
> >> Hi
> >> The php script is in another folder. I set PHP_AUTH_USER and 'PHP_AUTH_PW
> >> in login script then try to open the file in the protected directory. the
> >> php file is not in the protected realm.
> >>
> >>
> >> On Sat, Aug 14, 2010 at 3:26 AM, chris h <chris...@gmail.com> wrote:
> >>
> >>> Based off what your saying my guess is that the request is not hitting
> >>> your php script.
> >>>
> >>> Is the php script in the protected directory? If so what is it's file
> >>> name and what url are you hitting for the test?
> >>>
> >>>
> >>> Chris.
> >>>
> >>>
> >>> On Fri, Aug 13, 2010 at 6:21 PM, Ali Asghar Toraby Parizy <
> >>> aliasghar.tor...@gmail.com> wrote:
> >>>
> >>>> Hi. I have a protected directory in my host. I have configured .htaccess
> >>>> successfully and it works prefect.
> >>>> Now I'm looking for a solution to login and logout by a php script.
> >>>> In my site I have a login page. In that page I set 'PHP_AUTH_USER' and '
> >>>> PHP_AUTH_PW'. but when I try to open protected directory, user
> >>>> authentication dialog appears.
> >>>> How can I do this? What is my error?
> >>>>
> >>>> --
> >>>> Ali Asghar Torabi
> >>>>
> >>>
> >>>
> >>
> >>
> >> --
> >> Ali Asghar Torabi
> >>
> >
> >
> 
> 
> -- 
> Ali Asghar Torabi
> 
> 
> 


The two login processes are separate from each other. The .htaccess
method is handled by Apache, completely apart from PHP. I believe it is
possible, but is unreliable because of the way different browser/server
combinations behave.

Your best bet is to store these files outside of web route, and access
them with a URL like this:

file.php?id=123456

your web route might be something like /var/www/html/yoursite
(where /var/www/html is the web root)
your documents and secure files could be at /var/www/files/yoursite

In your DB, the file id 123456 maps to a specific file on the hosting.
This file isn't accessible from the web normally, so PHP will have to
use something like fpassthru() to open dump the contents to the browser
(obviously sending the correct header() mime type, etc). The advantage
to this is you can use your PHP login system, and check each file
download attempt against the session to ensure they are a valid user who
should be able to access this file. Also, the obfuscation of the
filename means that someone is less likely to guess at a filename. The
id itself can be anything from a hash of the filename to an auto
increment id in the DB.

Thanks,
Ash
http://www.ashleysheridan.co.uk


Reply via email to