Hi,
I've got some directories that should be accessed via the browser. This
works fine.
To secure a directory I always used the directives in the .htaccess
file. This works aswell.
Now I wrote a little PHP script that looks in a table of a database if
the user is allowed to access the page or not.
So far, so good.
The problem is that (since index.php is automatically called regarding
to the DirectoryIndex directive) the directory
is never listed.
I'm pretty sure that there is a way how to manage this, but
unfortunately I don't get it.
Is there a header request that lists the directory without looking for
the index.html and index.php?
Below is the code of my index.php (DirectoryIndex index.html index.php):
<?
function authenticate() {
$realm = "Test Realm";
Header("WWW-authenticate: basic realm=\"$realm\"");
Header("HTTP/1.0 401 Unauthorized");
// Header("status: 401 Unauthorized"); // This had to be used for
earlier Apache versions
?>
You need a valid user id.
<?
exit;
}
if( !isset( $PHP_AUTH_USER )) {
authenticate();
} else {
$conn = odbc_connect("db", "user", "pwd");
if (!$conn){
?>
<H2>Error connecting to database!</H2>
<?
} else {
$id = strtolower( $PHP_AUTH_USER );
$query = "select * from table where id='$id' and
pwd='$PHP_AUTH_PW'";
$res = odbc_exec( $conn, $query );
if( !odbc_num_rows( $res ))
authenticate();
}
}
echo "Success"; // Here should be a statement that would list the
directory as it would be shown without the index.php file
?>
--
--- Helmut <NoCarrier> Tessarek --- [EMAIL PROTECTED] ---
IBM Certified Solution Expert
Microsoft Certified Systems Engineer (MCP, MCP+I, MCSE)
Karmarschgasse 53/1/3/11, A-1100 Vienna, Austria
----------------- http://www.evermeet.cx -----------------
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
