I've done further investigation and it seems that if I go with the approach
of looking for a REMOTE_USER value, I'll have to do the following:
Since Apache only fills out the REMOTE_USER if the file is in a protected
directory, I have to make a symbolic link within a protected directory to
the non-protected script. Then Apache will require authentication for the
file. Thus, both non-authenticated and authenticated users are running the
same script.
Any problems with this approach? My worry is that if the user passes
$REMOTE_USER="FooledYou" in the url, it'll fool my script into thinking
Apache sent it. I'll have to check into that one.
Any better ideas?
-----Original Message-----
From: David Hall
Sent: Tuesday, July 24, 2001 6:15 PM
To: [EMAIL PROTECTED]
Subject: [PHP] .htaccess and determining if a user is
logged in
I'm using Apache .htaccess to require certain users to log
into the system
in order to view certain files. However, on one of my php
scripts, it's not
within the realm of .htaccess protection. How do I determine
if the user
viewing the page is an authenticated user or not? I want to
present these
authenticated users with additional features while viewing
the page. Do I
just check REMOTE_USER for a value? I'm not even sure if
that works.
For the most part, I don't want to really care about any
intensive php link
with user log in's. I like the simple approach of .htaccess.
Any help would be greatly appreciated. Thanks in advance!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
To contact the list administrators, e-mail:
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
