Re: [PHP] Need Some Direction
When you say outside of the webroot do you mean. Can you give me an example. The root of my web is in /var/www/html/. Thats where you are taken when you punch in my domain. Currently I have a directory called /test/ which is protected by .htaccess but it is inder the webroot.../var/www/html/test/ So far under this config I cant get it to work, but I'm not sure if I'm still under the webroot in my config. Do I need to move my test directory to lets say /var/www/ or even /var/? Thanks again, Aaron Torsten Roehr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Aaron Todd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I hate to sound ignorant, but how do I get a file out of a .htaccess protected directory without logging in again? You cant use the normal syntax of http://username:[EMAIL PROTECTED] anymore. Microsoft fixed that bug. Thanks, Aaron Hi Aaron, because you are accessing a file via PHP from your *local* file system it doesn't matter if the directory is protected or outside of the webroot. PHP has access to the file (if read privilege is set). The protection is just to deny public access. Take a look here: http://pear.php.net/manual/en/package.http.http-download.intro.php Hope this helps, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
if you have /var/www/html/ defined as documentroot, as you mentioend then outside is anything outside the directory html/ so /var/www/php/ could hold all your php files, and be outside the docroot. JAson Aaron Todd [EMAIL PROTECTED] wrote: When you say outside of the webroot do you mean. Can you give me an example. The root of my web is in /var/www/html/. Thats where you are taken when you punch in my domain. Currently I have a directory called /test/ which is protected by .htaccess but it is inder the webroot.../var/www/html/test/ So far under this config I cant get it to work, but I'm not sure if I'm still under the webroot in my config. Do I need to move my test directory to lets say /var/www/ or even /var/? Thanks again, Aaron Torsten Roehr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Aaron Todd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I hate to sound ignorant, but how do I get a file out of a .htaccess protected directory without logging in again? You cant use the normal syntax of http://username:[EMAIL PROTECTED] anymore. Microsoft fixed that bug. Thanks, Aaron Hi Aaron, because you are accessing a file via PHP from your *local* file system it doesn't matter if the directory is protected or outside of the webroot. PHP has access to the file (if read privilege is set). The protection is just to deny public access. Take a look here: http://pear.php.net/manual/en/package.http.http-download.intro.php Hope this helps, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
On Tuesday 10 August 2004 03:29, Aaron Todd wrote: When you say outside of the webroot do you mean. Can you give me an example. The root of my web is in /var/www/html/. Thats where you are taken when you punch in my domain. Currently I have a directory called /test/ which is protected by .htaccess but it is inder the webroot.../var/www/html/test/ So far under this config I cant get it to work, but I'm not sure if I'm still under the webroot in my config. Do I need to move my test directory to lets say /var/www/ or even /var/? Anywhere that's not inside /var/www/html will do, and as long as the webserver has access to it. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* May's Law: The quality of correlation is inversly proportional to the density of control. (The fewer the data points, the smoother the curves.) */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
Aaron Todd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Do you recomend the same for downloading of a file. I have a few zip files that need to be protected too. Do I have to open the file using fopen and then write it to the users machine using fwrite? Thanks, Aaron You can do this for any type of file. Set the aprropriate headers and then use readfile(): http://de2.php.net/manual/en/function.readfile.php Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
I hate to sound ignorant, but how do I get a file out of a .htaccess protected directory without logging in again? You cant use the normal syntax of http://username:[EMAIL PROTECTED] anymore. Microsoft fixed that bug. Thanks, Aaron Torsten Roehr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Aaron Todd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron Hi Aaron, put your pdf file outside of the webroot our in a .htaccess protected directory. Then read in the file contents, set the appropriate headers and output the file contents to the browser - this should prompt a download window. PEAR's HTTP_Download is excellent for this job: http://pear.php.net/package/HTTP_Download Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
Aaron Todd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I hate to sound ignorant, but how do I get a file out of a .htaccess protected directory without logging in again? You cant use the normal syntax of http://username:[EMAIL PROTECTED] anymore. Microsoft fixed that bug. Thanks, Aaron Hi Aaron, because you are accessing a file via PHP from your *local* file system it doesn't matter if the directory is protected or outside of the webroot. PHP has access to the file (if read privilege is set). The protection is just to deny public access. Take a look here: http://pear.php.net/manual/en/package.http.http-download.intro.php Hope this helps, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
At 05:42 PM 8/5/2004, Aaron Todd wrote: So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron snip Put the directory containing the .pdf's outside the web tree (webroot descendants). Miles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Need Some Direction
Adding to what Miles says, use the fopen and fread commands (see manual on the PHP site) for accessing the PDF files so that you can send copies of them to the user. Examples are in the user comments of the manual. -Original Message- At 05:42 PM 8/5/2004, Aaron Todd wrote: So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron snip Put the directory containing the .pdf's outside the web tree (webroot descendants). Miles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
Do you recomend the same for downloading of a file. I have a few zip files that need to be protected too. Do I have to open the file using fopen and then write it to the users machine using fwrite? Thanks, Aaron Ed Lazor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Adding to what Miles says, use the fopen and fread commands (see manual on the PHP site) for accessing the PDF files so that you can send copies of them to the user. Examples are in the user comments of the manual. -Original Message- At 05:42 PM 8/5/2004, Aaron Todd wrote: So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron snip Put the directory containing the .pdf's outside the web tree (webroot descendants). Miles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Need Some Direction
Hello, I am trying to build up a members only site, but I need some direction. So far I have written a page that will let a user register for access. That script emails me their info so I can validate it, sends them a thankyou email and then sends the data to a temporary MySQL database table. In the email that I get I created two links. One will send the user an acceptance email and put their info in a final database table. The other will send the user a Deny email and will delete their info from the temporary database table. I have also created a login script that will ask for a username and password and verify it with the database. If its all correct then it will redirect you to a restricted page. The direction I need is how do I go about restricting access to the members only pages? I have been reading up on sessions, which I think will be a cool addition to this site, but I still havent found much on restrictin access without a username and password. Currently my login and registration pages are located in the root of the domain. The all the members only pages are in a directory called /members/. Can anyone give me some direction on how I should go about all this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
I created a simpleAuth script that handles authentication, then sets up a session, there is a method that i called requireAuth(); i call this method on any page i want restricted to the members, it checks the for the valid sessoin, and also checks the time of login, and calls my destoy method if user is over an hour logged in. if not valid session, or over the time limit, headers to some page and gives appropriate error message to user. Jason Aaron Todd [EMAIL PROTECTED] wrote: Hello, I am trying to build up a members only site, but I need some direction. So far I have written a page that will let a user register for access. That script emails me their info so I can validate it, sends them a thankyou email and then sends the data to a temporary MySQL database table. In the email that I get I created two links. One will send the user an acceptance email and put their info in a final database table. The other will send the user a Deny email and will delete their info from the temporary database table. I have also created a login script that will ask for a username and password and verify it with the database. If its all correct then it will redirect you to a restricted page. The direction I need is how do I go about restricting access to the members only pages? I have been reading up on sessions, which I think will be a cool addition to this site, but I still havent found much on restrictin access without a username and password. Currently my login and registration pages are located in the root of the domain. The all the members only pages are in a directory called /members/. Can anyone give me some direction on how I should go about all this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
Aaron, The way to do it is to have an authentication page where users log in. A successful login starts the session, on each subsequent page test for the session and if it is not present, redirect to the login page. This test is just one line at the top of each page you want to protect. This way if someone comes to a members page through something like Google, they will be redirected automatically to the login page. Trust this his helpful - Miles Thompson At 11:42 AM 8/5/2004, Aaron Todd wrote: Hello, I am trying to build up a members only site, but I need some direction. So far I have written a page that will let a user register for access. That script emails me their info so I can validate it, sends them a thankyou email and then sends the data to a temporary MySQL database table. In the email that I get I created two links. One will send the user an acceptance email and put their info in a final database table. The other will send the user a Deny email and will delete their info from the temporary database table. I have also created a login script that will ask for a username and password and verify it with the database. If its all correct then it will redirect you to a restricted page. The direction I need is how do I go about restricting access to the members only pages? I have been reading up on sessions, which I think will be a cool addition to this site, but I still havent found much on restrictin access without a username and password. Currently my login and registration pages are located in the root of the domain. The all the members only pages are in a directory called /members/. Can anyone give me some direction on how I should go about all this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
On Thursday 05 August 2004 10:42, Aaron Todd offered up the following
tid-bit of information :
snip
The direction I need is how do I go about restricting access to the
members only pages? I have been reading up on sessions, which I think
will be a cool addition to this site, but I still havent found much on
restrictin access without a username and password. Currently my login
and registration pages are located in the root of the domain. The all
the members only pages are in a directory called /members/.
Can anyone give me some direction on how I should go about all this.
snip
When a user logs in successfully, you could set a session variable (move on
to cookies if you want them to be able to 'remember' their login) like
$_SESSION['loggedin'] = true; Then, in every page in your members section
(use an include file), do something like this before any output to the
browser
if ( ! isset ( $_SESSION['loggedin'] ) || ! $_SESSION['loggedin'] ) {
header ( Location : /unauthorized.php );
exit;
}
--
John C. Nichel
berGeek
KegWorks.com
716.856.9675
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron Miles Thompson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Aaron, The way to do it is to have an authentication page where users log in. A successful login starts the session, on each subsequent page test for the session and if it is not present, redirect to the login page. This test is just one line at the top of each page you want to protect. This way if someone comes to a members page through something like Google, they will be redirected automatically to the login page. Trust this his helpful - Miles Thompson At 11:42 AM 8/5/2004, Aaron Todd wrote: Hello, I am trying to build up a members only site, but I need some direction. So far I have written a page that will let a user register for access. That script emails me their info so I can validate it, sends them a thankyou email and then sends the data to a temporary MySQL database table. In the email that I get I created two links. One will send the user an acceptance email and put their info in a final database table. The other will send the user a Deny email and will delete their info from the temporary database table. I have also created a login script that will ask for a username and password and verify it with the database. If its all correct then it will redirect you to a restricted page. The direction I need is how do I go about restricting access to the members only pages? I have been reading up on sessions, which I think will be a cool addition to this site, but I still havent found much on restrictin access without a username and password. Currently my login and registration pages are located in the root of the domain. The all the members only pages are in a directory called /members/. Can anyone give me some direction on how I should go about all this. Thanks, Aaron -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Need Some Direction
Aaron Todd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] So far I have made this work. But now I have to ask...what about a pdf file? I cant add php code to it so what do I do. I need to be able to restrict the pdf so a user can only get to it during a current session. Thanks again for all the previous posts. You all directed me to a good place. My pdf files sliped my mind when I posted. I should have added this problem before. I hope it can still be done. Thanks, Aaron Hi Aaron, put your pdf file outside of the webroot our in a .htaccess protected directory. Then read in the file contents, set the appropriate headers and output the file contents to the browser - this should prompt a download window. PEAR's HTTP_Download is excellent for this job: http://pear.php.net/package/HTTP_Download Regards, Torsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
