Restricting Access With .htaccess

TWM · 08-28-2005, 11:32 AM

How would i go about only letting people have access to a certain area when they arive there from a certain place?

EX:

I have a members only area. You login by filling out a simple script, and its processed in login.php. When you login it directs you to another url... mywebsite.com/membersarea. Nothing is secure, so you could just go to that URL without logging in...noone knows that, but they could figure it out.

I want to use .htaccess so that the only way you can view that directory is if you come FROM mywebsite.com/login.php. Can this be done?

vip-ip · 08-28-2005, 11:37 AM

Here's a very thorough tut for ya

http://www.technotrade.com/htaccess.html

TWM · 08-28-2005, 05:03 PM

Not really what i need... i basically need it to do this:

If a user comes from a certain file, give access. If it comes from ANY other place, restrict access.

slantednet · 08-31-2005, 08:15 PM

Using the REFERER of the browser is insecure, people can set the REFERER field, and it's not reliable.

You can do other options, such as within the login script, after a successful login, insert their IP address and username in a "current_connections" table. Pass the username to the members area page when you redirect and very first thing in the members area page verify that the connection for the username is coming from the same IP (hence, they went through the login page successfully). Of course, you'd have to remove them from the "current_connections" table either when they manually log out of the system, and have a method of removing "stale" logins from the system as well...
????: NamePros.com http://www.namepros.com/programming/119357-restricting-access-with-htaccess.html

Then, if they bypass the login script and go right to the members page and they haven't gone through the login script, the members page will see their username/IP pair isn't in the current_connections table and you can redir them back to the login page.

And this keeps it all server-side, which avoids the pitfalls of using cookies...

hmm... that took more time to explain that it would have to just write.. lol..

08-28-2005, 11:32 AM	THREAD STARTER #1 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	Restricting Access With .htaccess How would i go about only letting people have access to a certain area when they arive there from a certain place? EX: I have a members only area. You login by filling out a simple script, and its processed in login.php. When you login it directs you to another url... mywebsite.com/membersarea. Nothing is secure, so you could just go to that URL without logging in...noone knows that, but they could figure it out. I want to use .htaccess so that the only way you can view that directory is if you come FROM mywebsite.com/login.php. Can this be done? __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

08-28-2005, 05:03 PM	THREAD STARTER #3 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	Not really what i need... i basically need it to do this: If a user comes from a certain file, give access. If it comes from ANY other place, restrict access. __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
help restricting access on server	bdd	Programming	1	05-27-2005 02:07 AM
Chapter 15 Access Logs & Stats	WebForging	Webmaster Tutorials	1	05-25-2005 06:06 PM
paypal - limited access - me	dotcommakers	The Break Room	8	04-06-2005 05:53 PM
Hosting and Resellers !BIG SALE!	websoft	Web Hosting Offers	0	03-21-2005 02:27 AM
Adding FrontPage users and determining their access!	priyanka[imported]	Web Hosting Discussion	0	12-16-2004 08:14 PM

08-28-2005, 11:37 AM	#2 (permalink)
vip-ip Account Suspended Join Date: Jan 2005 Location: root@localhost Posts: 4,011	Here's a very thorough tut for ya http://www.technotrade.com/htaccess.html

08-31-2005, 08:15 PM	#4 (permalink)
slantednet NamePros Regular Join Date: Aug 2005 Posts: 214	Using the REFERER of the browser is insecure, people can set the REFERER field, and it's not reliable. You can do other options, such as within the login script, after a successful login, insert their IP address and username in a "current_connections" table. Pass the username to the members area page when you redirect and very first thing in the members area page verify that the connection for the username is coming from the same IP (hence, they went through the login page successfully). Of course, you'd have to remove them from the "current_connections" table either when they manually log out of the system, and have a method of removing "stale" logins from the system as well... ????: NamePros.com http://www.namepros.com/programming/119357-restricting-access-with-htaccess.html Then, if they bypass the login script and go right to the members page and they haven't gone through the login script, the members page will see their username/IP pair isn't in the current_connections table and you can redir them back to the login page. And this keeps it all server-side, which avoids the pitfalls of using cookies... hmm... that took more time to explain that it would have to just write.. lol..

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)