httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Deeley <chrisdeele...@gmail.com>
Subject Re: [users@httpd] HTTP AUTH
Date Tue, 27 Dec 2005 13:21:40 GMT
Hi

Theres no way of passing info from a form to set the variables 'HTTP_AUTH_USER'
ad HTTP_AUTH_USER but I have found a way around it but never put it into
practice yet.
You can still use your existing form to login and create a session variable
as their user name eg $_SESSION['username'] = 'user1'

Then, lets say you have a folder www.example.com/user1 which you want to
restrict access to 'user1' only, in the folder user1, create a .htaccess
file with the following info

AddHandler verifyuser .gif
AddHandler verify .jpg
// add extra lines for other file types etc
Action verify /login/verify.user1.php
//this is relative to the root of your website ie
www.yousite.com/login/verify.user1.php

Then each time the user accesses a .jpg, .gif file etc, it will first go
through the verify.user1.php script.
verify.user1.php needs to be written as follows


<?php
if ($_SESSION['username'] == "user1"){
$file = $_SERVER["PATH_TRANSLATED"];
readfile($file);
}else{
echo 'invalid username'
}

?>

Basically this will display the original file they were trying to access if
there username is user1 otherwise it will display the message *invalid
username*.

For other user folders eg www.yoursite.com/user2 , you will have to again
add a htaccess file in the folder and use the *add handler *as above to link
to a script like verify.user2.php

Hope this helps

Regards, Chris.

Mime
View raw message