Hi all, since this has been asked a lot the last weeks I've published a nice little script for a generic login system using the HTTP authentication method via the "401 Unauthorized" header.
It is available at http://www.vogelsinger.at/protected.html. Its main features are: - Protects directories - Protects single files in directories that are otherwise not protected, even in the server root folder - Supports multiple "realms" on a directory level - Supports multiple document types by matching a document extension to the correct MIME type - Supports inline display and downloadable files configurable by extension - Supports multiple users with different privileges, on a directory level - Privileges are inherited for subdirectories except when overridden - Standard HTTP Authentication Mechanism - It is not necessary to develop an integrated login system - Supports execution of PHP scripts under the "protected root"! The basic idea is to setup a "shadow tree", outside the web servers directory tree. For example: Web server Shadow tree / (root) / (root) /--public_files /--protected_files /--images /--images By placing a document in the root directory of the shadow tree it will be protected by a login, while still accessible via the standard url http://yourserver/thefile. The same is true for the /images folder; the /protected_folder directory would be protected as a whole. The script works as an error document for the "404 Not Found" error and has been tested with Apache 1.3.27/PHP 4.2.3. User authentication may be freely configured; the script must be modified here to meet the demands of each user. Yes, of course, if a document is effectively not found it serves a standard 404 error... Donated to the public domain :) For support just email me ... I'll try to answer questions whenever I have time. -- >O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php