.htaccess authentication

[TWM]

How would i go about makeing a directory avaliable only to the people how got to it from a certain url?

For example: The only way a user could get to www.example.com/directory is if they came from www.example.com/login.php. login.php would be the verification script in php and all the .htaccess would do it prevent someone from just going to the folder by typing in the url


Thanks!

 

[Domains4u]

I was actually going to post the same thing! Im glad someone posted this. Hope you get the help you need as im looking for the same answer.

 

[Tree]

You could make an index.php inside /directory and have it check authentication.

But I don't know of an .htaccess method.

 

[TWM]

Tree,
Good idea. Before i go hunt for one, would you happen to have a script that you like?

 

[Amnezia]

in .htaccess use

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$
RewriteRule ^.*$ - [NC,L]

if you wanted it to work exactly as you have described you would use

RewriteEngine On

RewriteCond %{THE_REQUEST} directory
RewriteCond %{HTTP_REFERER} !^http://www.example.com/login.php$
RewriteRule ^.*$ - [NC,L]

 

[TWM]

Thanks for the help, but that did not do anything. I could still go directly to the directory without having to come from login.php

 

[{insert name here}]

Why don't you just use .htaccess and .htpasswd to gain access to the folder

 

[TWM]

I would like the login form to be on the website design.

 

[{insert name here}]

Is this login to access pages, or to access files for download?

 

[iNod]

A little bit of PHP to include the file as a attachment and

AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
deny from all
</Limit>

In .htaccess will work just fine.

- Steve

 

[{insert name here}]

A little bit of PHP to include the file as a attachment and

AuthGroupFile /dev/null
AuthName Downloads
AuthType Basic

<Limit GET POST PUT>
deny from all
</Limit>

In .htaccess will work just fine.

- Steve

Thats what I was going to say for files, if he wanted to have them access files, but will that also work to have them login to that folder, and browse pages? I am not sure if it will, I am probably wrong though.

 

[Tree]

Tree,
Good idea. Before i go hunt for one, would you happen to have a script that you like?

Sorry for the late reply. Here's what I currently have set up on many of my pages.

<?

require_once("functions.inc.php");
/*	File:			login.php
*	Author:			Trevor Goodyear
*	Company:			NeonCube Internet Solutions
*	Purpose:			Logs a user into the site
*/

session_start();
dbConnect();

switch($_GET[act]){

default:
case "login":
	$newUsername = strtolower($_POST[username]);
	$newPassword = base64_encode($_POST[password]);

	if(empty($newUsername) || empty($newPassword))
	{
		$message = "No fields may be empty!";
		include("pages/login.php");
		exit();
	} 
	elseif (isset($_POST['username']) && isset($_POST['password'])) 
	{
		$query = "
SELECT *
FROM `users`
WHERE `u_name` = '".$newUsername."'
AND `u_password` = '".$newPassword."'";
		$result = mysql_query($query);
		if(mysql_num_rows($result) == 0)
		{
			$message = "Invalid username/password combination. Please try again.";
			include("pages/login.php");
			exit();
		}
		$row = mysql_fetch_array($result);
		if ($row['u_name'] == $newUsername && $row['u_password'] = $newPassword) 
		{
			setcookie("c_u_name",$newUsername,time()+3600*24*100);
			setcookie("c_u_id",$row['u_id'],time()+3600*24*100);
			setcookie("c_u_password",$newPassword,time()+3600*24*100);
			$_SESSION = array("s_u_name" => $newUsername, 
			"s_u_id" => $row['u_id'], 
			"s_u_password" => base64_encode($newPassword));
			header("Location: index.php");
		}
	}
	else { echo "THIS LINE SHOULD <b>NOT</b> EXECUTE"; }

case "logout":
	$_SESSION = array();
	session_destroy();
	include("pages/login.php");
	
break;

}
?>

Here's what pertains to logging in on the functions page.

<?
/*	File:		functions.inc.php
*	Author:		Trevor Goodyear
*	Company:		NeonCube Internet Solutions
*	Purpose:		Includes all frequently used functions
*/
$thisFile = "functions.inc.php";
if(eregi($thisFile, $_SERVER['PHP_SELF']))
{
	echo "<b>Error:</b> This file cannot be accessed directly.";
	die();
}

$sqlHost='localhost';
$sqlUser='********';
$sqlPass='********';
$sqlDb = '*********;
global $sqlHost, $sqlUser, $sqlPass, $sqlDb;

function dbConnect(){
	global $sqlHost, $sqlUser, $sqlPass, $sqlDb;
	mysql_connect($sqlHost,$sqlUser,$sqlPass)
		or die("Couldn\'t connect to the database because ".mysql_error());
	mysql_select_db($sqlDb)
		or die("Couldn\'t select database because ".mysql_error());
}

Then on every file in the directory you want to protect, use this

if (empty($_COOKIE["c_u_name"]) && empty($_SESSION["s_u_name"] )
{
	include("../login.php");
	exit();
}

That should work. If you have any questions, just reply here.

 

[TWM]

Thanks for all the help! Thanks alot Tree nice script.