On Tue, 24 Sep 2002, David Buerer wrote:

|make the directory outside of the web server root path and create some PHP
|routines to display the directory data as you see fit.  PHP can see the
|entire file store, whereas the webserver can only see data below it's root.
|That way you keep security and can also display the data.

Isn't there a simple way to use like an htaccess file with this, or
another php file in that directory that checks to see if you are
authenticated (and if not sends to the login page)?

Can you give me a quick bit on how to make it not hold authentication
information after leaving that site?



|User goes to an address. They login with say "jsmith" and their password.
|the PHP script gets authenticates against a MySQL database. I have this
|After being authenticated, user is redirected to a directory to which only
|they have access to (say www.mydomain.com/jsmith). I have this working to
|the redirect part.
|Where I am stuck is how to make it so someone can ONLY get to that
|directory if they are authenticated, and cannot access it directly.
|Now, I was thinking that there could be something php-based in that
|directory that checks if they are already authenticated, but the problem
|is that the files are generated by another program that I cannot modify.
|I'm also having a problem where I have to close my browser to be able to
|re-login, but I'm guessing this is a session problem and I just haven't
|gotten that far yet.
|Does anyone have any ideas here? I did a lot of searching and didn't find
|much of anything.
|Thanks in advance!
|       Bryan

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to