On Sun, 2010-08-15 at 22:15 +0430, Ali Asghar Toraby Parizy wrote:
all files (web pages, pictures, and exe files) and folders in a directory
should be protected against anonymous users.
I create an application with php and mysql for registered users. when a user
registers it's information will be saved in database and its username and
password will be added to .htpass file. so registered users can reach
protected area.
But browser prompts login dialog, when users want to access this folder. How
can I run login process with php.
Thanks
On Sat, Aug 14, 2010 at 4:23 PM, chris h chris...@gmail.com wrote:
it sounds as if apache - or whatever your http server is - is not aware of
your php script. All apache knows is that someone is trying to access a
directory or file that is protected, it does not know that it should send
that request to the php script for a login.
What are the protected resources that you want a login for?
On Sat, Aug 14, 2010 at 1:52 AM, Ali Asghar Toraby Parizy
aliasghar.tor...@gmail.com wrote:
Hi
The php script is in another folder. I set PHP_AUTH_USER and 'PHP_AUTH_PW
in login script then try to open the file in the protected directory. the
php file is not in the protected realm.
On Sat, Aug 14, 2010 at 3:26 AM, chris h chris...@gmail.com wrote:
Based off what your saying my guess is that the request is not hitting
your php script.
Is the php script in the protected directory? If so what is it's file
name and what url are you hitting for the test?
Chris.
On Fri, Aug 13, 2010 at 6:21 PM, Ali Asghar Toraby Parizy
aliasghar.tor...@gmail.com wrote:
Hi. I have a protected directory in my host. I have configured .htaccess
successfully and it works prefect.
Now I'm looking for a solution to login and logout by a php script.
In my site I have a login page. In that page I set 'PHP_AUTH_USER' and '
PHP_AUTH_PW'. but when I try to open protected directory, user
authentication dialog appears.
How can I do this? What is my error?
--
Ali Asghar Torabi
--
Ali Asghar Torabi
--
Ali Asghar Torabi
The two login processes are separate from each other. The .htaccess
method is handled by Apache, completely apart from PHP. I believe it is
possible, but is unreliable because of the way different browser/server
combinations behave.
Your best bet is to store these files outside of web route, and access
them with a URL like this:
file.php?id=123456
your web route might be something like /var/www/html/yoursite
(where /var/www/html is the web root)
your documents and secure files could be at /var/www/files/yoursite
In your DB, the file id 123456 maps to a specific file on the hosting.
This file isn't accessible from the web normally, so PHP will have to
use something like fpassthru() to open dump the contents to the browser
(obviously sending the correct header() mime type, etc). The advantage
to this is you can use your PHP login system, and check each file
download attempt against the session to ensure they are a valid user who
should be able to access this file. Also, the obfuscation of the
filename means that someone is less likely to guess at a filename. The
id itself can be anything from a hash of the filename to an auto
increment id in the DB.
Thanks,
Ash
http://www.ashleysheridan.co.uk
