--- Wade Smart <[EMAIL PROTECTED]> wrote:
> 06272006 1731 GMT-6
>
> session_start();
> if(isset($SESSION['user'])){
> // allow access to this folder
> } else {
> // redirect to login
> }
The code above probably wasn't tested. The proper superglobal name for
sessions is $_SESSION not
$SESSION.
I would probably see if the user does not have login credentials (check the
database every page
load) and show them the form for login. Use the exit() function to prevent the
rest of the page
from loading and being displayed in the browser. If they are logged in (else
condition) then let
the page load normally.
A question was asked about protecting the image directories. I would create an
image handler PHP
program which checks for a valid session and then obtains the image data from a
file in a
protected directory. The header() can be used to identify the image MIME type
so the browser
knows what to do with the data. The readfile() will obtain the contents of a
file and present
that output as if it were data for the browser. The location in readfile() is
based on the
filesystem, not the web address location. Hence, the images can be stored
outside the web space
entirely. However, if you want to, you can put a protected directory in the
web space:
In the .htaccess file for the image directory, use:
Order Allow,Deny
Deny From All
and be sure there is at least one blank line at the end of the .htaccess file.
Sometimes the last
configuration statement is not read if it is not followed by a newline.
I grant that I have not given the code to implement this but hopefully you can
take these ideas
and write your own code.
James
------------------------ Yahoo! Groups Sponsor --------------------~-->
See what's inside the new Yahoo! Groups email.
http://us.click.yahoo.com/2pRQfA/bOaOAA/yQLSAA/HKFolB/TM
--------------------------------------------------------------------~->
Community email addresses:
Post message: [email protected]
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
