John Coggeshall wrote:

> Hey all..
> I've got a question -- I'd like to restrict access to entire directories
> based on if the user has been authenticated or not. Basically, I'd like
> to set up a auto-include *FROM APACHE* to run a PHP script prior to
> sending any documents what-so-ever and only send the requested document
> if the PHP script allows it. So..
> Request Made -> PHP Script Runs -> PHP Checks Authentication -> PHP says
> OK -> Apache sends file normally
> Or..
> Request Made -> PHP Script Runs -> PHP Checks Authentication -> PHP says
> NO -> Apache stops dead in it's tracks or displays a HTTP error
> Is this possible? It has to work for any document or MIME type and be
> restrictable by directory... (i.e. I just want this happening in a
> /secure/ directory)
> John

Not sure if you'll be able to do that, because PHP won't run unless 
Apache calls it.  It wouldn't call the PHP interpreter unless it's a PHP 
file type (.php associated with 1 application type, jpg associated with 
a MIME type, etc).

Two things spring to mind:

1.  Do you mean 'authenticated' as in 'Apache-level' authentication, or 
PHP-level authentication?

2.  If you need to have every request go through PHP, perhaps a
URL rewriting solution would work - everything it rewritten to go 
through PHP, then it can decide whether to 'pass thru' the file or 
display an error message.

Michael Kimsal

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to