> i've written a secure PHP login script which will allow
> users to login to a
> directory such as this:
>
> smezone.com/members/index.php
>
> however, how do I restrict people from accessing HTML files in that
> directory (which they can easily do so by typing the URL into their
> browser), such as:
>
> smezone.com/members/document1.html
>
> ?
>
> Since its a regular HTML files (and we have lots), I can't
> check whether the
> user has a valid session as I would do in a PHP file.
Well, you're certainly persistent, I'll give you that - seen you ask
this question a number of times now...
I can't think of any easy way to do this using session-based user
authentication. I suspect that the only effective way to do what you
are asking without changing your html files would be to use
.htaccess/.htpasswd files to do your authentication in the required
directories.
Having said that, if you've written your php authentication properly it
should work as a php script block that you could add to the start of
each html file. If you have shell access to the directory you could do
some relatively simple shell scripting that would do something like
this:
<this is metacode>
read directory contents
foreach file in directory
- start loop -
cat php_auth_code and html file to new file with .php extension
delete old file with .html extension
- end loop -
<end metacode>
This would just add your php auth stuff to the start of each html file
and rename it to .php instead of .html so it would be handled by php
properly.
Of course, if you don't have shell access you could ftp all the relevant
files somewhere that you _do_ have shell access and do the same before
uploading them again.
CYA, Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
