NamePros
Welcome, Guest! Ready to make a name for yourself in the domain business? We welcome both the hobbyist and professional domainer to join the discussion as part of the NamePros community.

Click here to create your profile to start earning reputation for posting, and trader ratings for buying & selling in our free e-marketplace. Build your trader rating with each successful sale. Our system has tracked over 100,000 sales and counting!
FAQ & TOS Register Search Today's Posts Mark Forums Read

Go Back   NamePros.com > Website Development Discussion Forums > Programming
Reload this Page .htaccess authentication

Programming PHP, Perl, Ruby on Rails, AJAX, HTML, XHTML, CSS, JavaScript, MySQL and any other coding topics.

Advanced Search


Closed Thread
 
LinkBack Thread Tools
Old 02-11-2006, 02:46 PM THREAD STARTER               #1 (permalink)
TWM
Web Marketing Specialist
Join Date: Oct 2003
Location: Texas, USA
Posts: 1,335
TWM is a jewel in the roughTWM is a jewel in the roughTWM is a jewel in the rough
 



.htaccess authentication


How would i go about makeing a directory avaliable only to the people how got to it from a certain url?

For example: The only way a user could get to www.example.com/directory is if they came from www.example.com/login.php. login.php would be the verification script in php and all the .htaccess would do it prevent someone from just going to the folder by typing in the url


Thanks!
TWM is offline  
Old 02-11-2006, 02:58 PM   #2 (permalink)
Account Suspended
 
Domains4u's Avatar
Join Date: Nov 2005
Location: www.TFFH.net
Posts: 280
Domains4u has a spectacular aura aboutDomains4u has a spectacular aura about
 



I was actually going to post the same thing! Im glad someone posted this. Hope you get the help you need as im looking for the same answer.
Domains4u is offline  
Old 02-11-2006, 03:45 PM   #3 (permalink)
NamePros Regular
 
Tree's Avatar
Join Date: Feb 2006
Location: Atlanta, GA, USA
Posts: 335
Tree will become famous soon enoughTree will become famous soon enough
 



You could make an index.php inside /directory and have it check authentication.

But I don't know of an .htaccess method.
Tree is offline  
Old 02-11-2006, 03:55 PM THREAD STARTER               #4 (permalink)
TWM
Web Marketing Specialist
Join Date: Oct 2003
Location: Texas, USA
Posts: 1,335
TWM is a jewel in the roughTWM is a jewel in the roughTWM is a jewel in the rough
 



Tree,
Good idea. Before i go hunt for one, would you happen to have a script that you like?
TWM is offline  
Old 02-11-2006, 04:21 PM   #5 (permalink)
Professional Monkey
 
Amnezia's Avatar
Join Date: Jul 2005
Location: Escaped from the zoo
Posts: 907
Amnezia has a spectacular aura aboutAmnezia has a spectacular aura about
 


Cancer Survivorship Save a Life
in .htaccess use

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$
RewriteRule ^.*$ - [NC,L]

if you wanted it to work exactly as you have described you would use

RewriteEngine On

RewriteCond %{THE_REQUEST} directory
RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$
RewriteRule ^.*$ - [NC,L]
__________________
Webmaster Words
Amnezia is offline  
Old 02-11-2006, 05:02 PM THREAD STARTER               #6 (permalink)
TWM
Web Marketing Specialist
Join Date: Oct 2003
Location: Texas, USA
Posts: 1,335
TWM is a jewel in the roughTWM is a jewel in the roughTWM is a jewel in the rough
 



Thanks for the help, but that did not do anything. I could still go directly to the directory without having to come from login.php
TWM is offline  
Old 02-11-2006, 06:23 PM   #7 (permalink)
Senior Member
 
{insert name here}'s Avatar
Join Date: Dec 2004
Posts: 1,304
{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light
 


Breast Cancer
Why don't you just use .htaccess and .htpasswd to gain access to the folder
__________________
You got no time for the messenger,
got no regard for the thing that you don't understand,
you got no fear of the underdog,
that's why you will not survive!
{insert name here} is offline  
Old 02-11-2006, 06:35 PM THREAD STARTER               #8 (permalink)
TWM
Web Marketing Specialist
Join Date: Oct 2003
Location: Texas, USA
Posts: 1,335
TWM is a jewel in the roughTWM is a jewel in the roughTWM is a jewel in the rough
 



I would like the login form to be on the website design.
TWM is offline  
Old 02-11-2006, 10:09 PM   #9 (permalink)
Senior Member
 
{insert name here}'s Avatar
Join Date: Dec 2004
Posts: 1,304
{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light
 


Breast Cancer
Is this login to access pages, or to access files for download?
__________________
You got no time for the messenger,
got no regard for the thing that you don't understand,
you got no fear of the underdog,
that's why you will not survive!
{insert name here} is offline  
Old 02-11-2006, 11:28 PM   #10 (permalink)
Eating Pie
 
iNod's Avatar
Join Date: Nov 2004
Location: Canada
Posts: 2,272
iNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud ofiNod has much to be proud of
 


Special Olympics AIDS/HIV Cystic Fibrosis Save The Children Baby Health Cystic Fibrosis
A little bit of PHP to include the file as a attachment and

AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
deny from all
</Limit>

In .htaccess will work just fine.

- Steve
__________________
I feel old.
iNod is offline  
Old 02-12-2006, 12:00 AM   #11 (permalink)
Senior Member
 
{insert name here}'s Avatar
Join Date: Dec 2004
Posts: 1,304
{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light{insert name here} is a glorious beacon of light
 


Breast Cancer
Originally Posted by iNod
A little bit of PHP to include the file as a attachment and
????: NamePros.com http://www.namepros.com/programming/166633-htaccess-authentication.html

AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
deny from all
</Limit>

In .htaccess will work just fine.

- Steve
Thats what I was going to say for files, if he wanted to have them access files, but will that also work to have them login to that folder, and browse pages? I am not sure if it will, I am probably wrong though.
__________________
You got no time for the messenger,
got no regard for the thing that you don't understand,
you got no fear of the underdog,
that's why you will not survive!
{insert name here} is offline  
Old 02-17-2006, 06:43 PM   #12 (permalink)
NamePros Regular
 
Tree's Avatar
Join Date: Feb 2006
Location: Atlanta, GA, USA
Posts: 335
Tree will become famous soon enoughTree will become famous soon enough
 



Originally Posted by idevisedesign
Tree,
Good idea. Before i go hunt for one, would you happen to have a script that you like?
Sorry for the late reply. Here's what I currently have set up on many of my pages.

PHP Code:
<?

require_once("functions.inc.php");
/*    File:            login.php
*    Author:            Trevor Goodyear
*    Company:            NeonCube Internet Solutions
*    Purpose:            Logs a user into the site
*/

session_start();
dbConnect();

switch(
$_GET[act]){

default:
case 
"login":
    
$newUsername strtolower($_POST[username]);
    
$newPassword base64_encode($_POST[password]);

    if(empty(
$newUsername) || empty($newPassword))
    {
        
$message "No fields may be empty!";
????: NamePros.com http://www.namepros.com/showthread.php?t=166633
        include(
"pages/login.php");
        exit();
    } 
    elseif (isset(
$_POST['username']) && isset($_POST['password'])) 
    {
        
$query "
SELECT *
FROM `users`
WHERE `u_name` = '"
.$newUsername."'
AND `u_password` = '"
.$newPassword."'";
        
$result mysql_query($query);
        if(
mysql_num_rows($result) == 0)
        {
            
$message "Invalid username/password combination. Please try again.";
            include(
"pages/login.php");
            exit();
        }
        
$row mysql_fetch_array($result);
        if (
$row['u_name'] == $newUsername && $row['u_password'] = $newPassword
        {
            
setcookie("c_u_name",$newUsername,time()+3600*24*100);
            
setcookie("c_u_id",$row['u_id'],time()+3600*24*100);
            
setcookie("c_u_password",$newPassword,time()+3600*24*100);
            
$_SESSION = array("s_u_name" => $newUsername
            
"s_u_id" => $row['u_id'], 
            
"s_u_password" => base64_encode($newPassword));
            
header("Location: index.php");
        }
    }
    else { echo 
"THIS LINE SHOULD <b>NOT</b> EXECUTE"; }

case 
"logout":
    
$_SESSION = array();
    
session_destroy();
    include(
"pages/login.php");
    
break;

}
?>
Here's what pertains to logging in on the functions page.

PHP Code:
<?
/*    File:        functions.inc.php
*    Author:        Trevor Goodyear
*    Company:        NeonCube Internet Solutions
*    Purpose:        Includes all frequently used functions
*/
$thisFile "functions.inc.php";
if(
eregi($thisFile$_SERVER['PHP_SELF']))
{
    echo 
"<b>Error:</b> This file cannot be accessed directly.";
    die();
}

$sqlHost='localhost';
$sqlUser='********';
$sqlPass='********';
$sqlDb '*********;
global $sqlHost, $sqlUser, $sqlPass, $sqlDb;

function dbConnect(){
    global $sqlHost, $sqlUser, $sqlPass, $sqlDb;
    mysql_connect($sqlHost,$sqlUser,$sqlPass)
        or die("Couldn\'t connect to the database because ".mysql_error());
    mysql_select_db($sqlDb)
        or die("Couldn\'t select database because ".mysql_error());
}
Then on every file in the directory you want to protect, use this

PHP Code:
if (empty($_COOKIE["c_u_name"]) && empty($_SESSION["s_u_name"] )
????: NamePros.com http://www.namepros.com/showthread.php?t=166633
{
    include(
"../login.php");
    exit();

That should work. If you have any questions, just reply here.
Tree is offline  
Old 02-17-2006, 08:14 PM THREAD STARTER               #13 (permalink)
TWM
Web Marketing Specialist
Join Date: Oct 2003
Location: Texas, USA
Posts: 1,335
TWM is a jewel in the roughTWM is a jewel in the roughTWM is a jewel in the rough
 



Thanks for all the help! Thanks alot Tree nice script.
TWM is offline  
Closed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
SEO with mod_rewrite and .htaccess cDizzle CODE 1 01-08-2006 02:50 AM
$15 for a .htaccess file - Precise criteria required mholt Web Development Wanted 1 11-06-2005 10:16 PM
Using mod_rewrite and a .htaccess to do some redirection... 25 NP$ REWARD mholt Programming 0 09-21-2005 03:15 PM
.htaccess + Domain Parking wistow Programming 15 07-04-2005 09:46 AM
.htaccess D@Z Web Design Discussion 5 04-27-2005 09:27 PM

Liquid Web Smart Servers  
All times are GMT -7. The time now is 09:52 PM.

Managed Web Hosting by Liquid Web
Domain name forum recommended by Domaining.com Powered by: vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0 Ad Management plugin by RedTyger