.htaccess authentication

TWM · 02-11-2006, 02:46 PM

How would i go about makeing a directory avaliable only to the people how got to it from a certain url?

For example: The only way a user could get to www.example.com/directory is if they came from www.example.com/login.php. login.php would be the verification script in php and all the .htaccess would do it prevent someone from just going to the folder by typing in the url

Thanks!

Domains4u · 02-11-2006, 02:58 PM

I was actually going to post the same thing! Im glad someone posted this. Hope you get the help you need as im looking for the same answer.

Tree · 02-11-2006, 03:45 PM

You could make an index.php inside /directory and have it check authentication.

But I don't know of an .htaccess method.

TWM · 02-11-2006, 03:55 PM

Tree,
Good idea. Before i go hunt for one, would you happen to have a script that you like?

Amnezia · 02-11-2006, 04:21 PM

in .htaccess use

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$
RewriteRule ^.*$ - [NC,L]

if you wanted it to work exactly as you have described you would use

RewriteEngine On

RewriteCond %{THE_REQUEST} directory
RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$
RewriteRule ^.*$ - [NC,L]

TWM · 02-11-2006, 05:02 PM

Thanks for the help, but that did not do anything. I could still go directly to the directory without having to come from login.php

{insert name here} · 02-11-2006, 06:23 PM

Why don't you just use .htaccess and .htpasswd to gain access to the folder

TWM · 02-11-2006, 06:35 PM

I would like the login form to be on the website design.

{insert name here} · 02-11-2006, 10:09 PM

Is this login to access pages, or to access files for download?

iNod · 02-11-2006, 11:28 PM

A little bit of PHP to include the file as a attachment and

AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
deny from all
</Limit>

In .htaccess will work just fine.

- Steve

{insert name here} · 02-12-2006, 12:00 AM

Originally Posted by iNod

A little bit of PHP to include the file as a attachment and
????: NamePros.com http://www.namepros.com/programming/166633-htaccess-authentication.html

AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
deny from all
</Limit>

In .htaccess will work just fine.

- Steve

Thats what I was going to say for files, if he wanted to have them access files, but will that also work to have them login to that folder, and browse pages? I am not sure if it will, I am probably wrong though.

Tree · 02-17-2006, 06:43 PM

Originally Posted by idevisedesign

Tree,
Good idea. Before i go hunt for one, would you happen to have a script that you like?

Sorry for the late reply. Here's what I currently have set up on many of my pages.

PHP Code:

  <?

 
require_once("functions.inc.php");

/*    File:            login.php

*    Author:            Trevor Goodyear

*    Company:            NeonCube Internet Solutions

*    Purpose:            Logs a user into the site

*/

 
session_start();

dbConnect();

 
switch($_GET[act]){

 
default:

case "login":

    $newUsername = strtolower($_POST[username]);

    $newPassword = base64_encode($_POST[password]);

 
    if(empty($newUsername) || empty($newPassword))

    {

        $message = "No fields may be empty!";

????: NamePros.com http://www.namepros.com/showthread.php?t=166633
        include("pages/login.php");

        exit();

    } 

    elseif (isset($_POST['username']) && isset($_POST['password'])) 

    {

        $query = "

SELECT *

FROM `users`

WHERE `u_name` = '".$newUsername."'

AND `u_password` = '".$newPassword."'";

        $result = mysql_query($query);

        if(mysql_num_rows($result) == 0)

        {

            $message = "Invalid username/password combination. Please try again.";

            include("pages/login.php");

            exit();

        }

        $row = mysql_fetch_array($result);

        if ($row['u_name'] == $newUsername && $row['u_password'] = $newPassword) 

        {

            setcookie("c_u_name",$newUsername,time()+3600*24*100);

            setcookie("c_u_id",$row['u_id'],time()+3600*24*100);

            setcookie("c_u_password",$newPassword,time()+3600*24*100);

            $_SESSION = array("s_u_name" => $newUsername, 

            "s_u_id" => $row['u_id'], 

            "s_u_password" => base64_encode($newPassword));

            header("Location: index.php");

        }

    }

    else { echo "THIS LINE SHOULD <b>NOT</b> EXECUTE"; }

 
case "logout":

    $_SESSION = array();

    session_destroy();

    include("pages/login.php");

    

break;

 
}

?>

Here's what pertains to logging in on the functions page.

PHP Code:

  <?

/*    File:        functions.inc.php

*    Author:        Trevor Goodyear

*    Company:        NeonCube Internet Solutions

*    Purpose:        Includes all frequently used functions

*/

$thisFile = "functions.inc.php";

if(eregi($thisFile, $_SERVER['PHP_SELF']))

{

    echo "<b>Error:</b> This file cannot be accessed directly.";

    die();

}

 
$sqlHost='localhost';

$sqlUser='********';

$sqlPass='********';

$sqlDb = '*********;

global $sqlHost, $sqlUser, $sqlPass, $sqlDb;

 
function dbConnect(){

    global $sqlHost, $sqlUser, $sqlPass, $sqlDb;

    mysql_connect($sqlHost,$sqlUser,$sqlPass)

        or die("Couldn\'t connect to the database because ".mysql_error());

    mysql_select_db($sqlDb)

        or die("Couldn\'t select database because ".mysql_error());

}

Then on every file in the directory you want to protect, use this

PHP Code:

  if (empty($_COOKIE["c_u_name"]) && empty($_SESSION["s_u_name"] )

????: NamePros.com http://www.namepros.com/showthread.php?t=166633
{

    include("../login.php");

    exit();

}

That should work. If you have any questions, just reply here.

TWM · 02-17-2006, 08:14 PM

Thanks for all the help! Thanks alot Tree nice script.

02-11-2006, 02:46 PM	THREAD STARTER #1 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	.htaccess authentication How would i go about makeing a directory avaliable only to the people how got to it from a certain url? For example: The only way a user could get to www.example.com/directory is if they came from www.example.com/login.php. login.php would be the verification script in php and all the .htaccess would do it prevent someone from just going to the folder by typing in the url Thanks! __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

02-11-2006, 03:55 PM	THREAD STARTER #4 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	Tree, Good idea. Before i go hunt for one, would you happen to have a script that you like? __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

02-11-2006, 04:21 PM	#5 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	in .htaccess use RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$ RewriteRule ^.$ - [NC,L] if you wanted it to work exactly as you have described you would use RewriteEngine On RewriteCond %{THE_REQUEST} directory RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$ RewriteRule ^.$ - [NC,L] __________________ Webmaster Words

02-11-2006, 05:02 PM	THREAD STARTER #6 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	Thanks for the help, but that did not do anything. I could still go directly to the directory without having to come from login.php __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

02-11-2006, 06:23 PM	#7 (permalink)
{insert name here} Senior Member Join Date: Dec 2004 Posts: 1,304	Why don't you just use .htaccess and .htpasswd to gain access to the folder __________________ You got no time for the messenger, got no regard for the thing that you don't understand, you got no fear of the underdog, that's why you will not survive!

02-11-2006, 02:58 PM	#2 (permalink)
Domains4u Account Suspended Join Date: Nov 2005 Location: www.TFFH.net Posts: 280	I was actually going to post the same thing! Im glad someone posted this. Hope you get the help you need as im looking for the same answer.

02-11-2006, 03:45 PM	#3 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	You could make an index.php inside /directory and have it check authentication. But I don't know of an .htaccess method.

02-11-2006, 06:35 PM	THREAD STARTER #8 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	I would like the login form to be on the website design. __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

02-11-2006, 10:09 PM	#9 (permalink)
{insert name here} Senior Member Join Date: Dec 2004 Posts: 1,304	Is this login to access pages, or to access files for download? __________________ You got no time for the messenger, got no regard for the thing that you don't understand, you got no fear of the underdog, that's why you will not survive!

02-11-2006, 11:28 PM	#10 (permalink)
iNod Eating Pie Join Date: Nov 2004 Location: Canada Posts: 2,272	A little bit of PHP to include the file as a attachment and AuthGroupFile /dev/null AuthName Downloads AuthType Basic <Limit GET POST PUT> deny from all </Limit> In .htaccess will work just fine. - Steve __________________ I feel old.

02-17-2006, 08:14 PM	THREAD STARTER #13 (permalink)
TWM Web Marketing Specialist Join Date: Oct 2003 Location: Texas, USA Posts: 1,335	Thanks for all the help! Thanks alot Tree nice script. __________________ TargetedWebMarketing.com : Web Marketing Plans - Search Engine Optimization - Online Promotion coraltanks.com l Corporate Quarters

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
SEO with mod_rewrite and .htaccess	cDizzle	CODE	1	01-08-2006 02:50 AM
$15 for a .htaccess file - Precise criteria required	mholt	Web Development Wanted	1	11-06-2005 10:16 PM
Using mod_rewrite and a .htaccess to do some redirection... 25 NP$ REWARD	mholt	Programming	0	09-21-2005 03:15 PM
.htaccess + Domain Parking	wistow	Programming	15	07-04-2005 09:46 AM
.htaccess	D@Z	Web Design Discussion	5	04-27-2005 09:27 PM