Assuming Apache:
1. use index.php or login.php as a log-in file, just as you are
2. if you have your heart set on naming the files .html instead of .php,
then create a .htaccess file in the dir which forces .html files thru php
for that directory
3. create a php file called "access_control.php" with (psuedo code) the
following contents:
---
<?
if(the user isn't valid)
{
header("Location: login.php");
exit;
}
?>
---
4. add <? include('access_control.php'); ?> at the top of any html or php
file you wish to protect... if the user isn't valid, they will be redirected
to the login page. if they are valid, they'll see the file.
If you have lots of these HTML files to add the line to, consider a batch
process, which you can do with PHP and most text editors.
I get the feeling you could also auto-prepend access_control.php to ALL
scripts, and add a little more logic to the code:
---
<?
if( (the user isn't valid) AND (eregi('.html$',$_SERVER['PHP_SELF'])) )
{
header("Location: login.php");
exit;
}
?>
---
-- which should only impose the access control on *.html pages, but i'm not
good with regexp at all!!
Justin French
on 12/02/03 8:46 PM, Shams ([EMAIL PROTECTED]) wrote:
> Hi,
>
> i've written a secure PHP login script which will allow users to login to a
> directory such as this:
>
> smezone.com/members/index.php
>
> however, how do I restrict people from accessing HTML files in that
> directory (which they can easily do so by typing the URL into their
> browser), such as:
>
> smezone.com/members/document1.html
>
> ?
>
> Since its a regular HTML files (and we have lots), I can't check whether the
> user has a valid session as I would do in a PHP file.
>
> Thanks for any help!
>
> Shams
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
