A .htaccess file is a Web server configuration file. It cannot know what 
sort of PHP code you have in place to authenticate a user. :-)

As has been suggested by someone else, you should place your restricted 
files outside of document root. In PHP, it is a simple matter of an 
include() to display the file:


Also, this method keeps you from doing this redirecting you are talking 
about. Unnecessary redirections like that double your traffic, which is 
not a good idea.

Happy hacking.


Bryan Koschmann - GKT wrote:

>On Tue, 24 Sep 2002, David Buerer wrote:
>|make the directory outside of the web server root path and create some PHP
>|routines to display the directory data as you see fit.  PHP can see the
>|entire file store, whereas the webserver can only see data below it's root.
>|That way you keep security and can also display the data.
>Isn't there a simple way to use like an htaccess file with this, or
>another php file in that directory that checks to see if you are
>authenticated (and if not sends to the login page)?
>Can you give me a quick bit on how to make it not hold authentication
>information after leaving that site?

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to