On Saturday 01 February 2003 17:28, Shams wrote: > Hi, > > i've written a secure PHP login script which will allow users to login to a > directory such as this: > > smezone.com/members/index.php > > however, how do I restrict people from accessing HTML files in that > directory (which they can easily do so by typing the URL into their > browser), such as: > > smezone.com/members/document1.html > > ? > > Since its a regular HTML files (and we have lots), I can't check whether > the user has a valid session as I would do in a PHP file.
You can use HTTP authentication, but that's probably not what you want since you went through the trouble of creating a php login system. There are two ways you can go about this (there may be more that I'm not aware of): 1) Move your restricted HTML files to outside of the DOCUMENT ROOT of your webserver. And have PHP include() those files. 2) Set your webserver to interpret HTML files as PHP and include your authentication code using auto_prepend_file directive in php.ini. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general ------------------------------------------ /* sticktion */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
