[PHP] Re: interact with .htaccess
what I mean is if you can create a form page in PHP prompting for a username and password and then redirect into an .htaccess protected directory without having the server pop up another username/password box? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: interact with .htaccess
ok, I change my question, how do I protect downloadable files from users that are not valid? without the use of htaccess? "Peter Berglund" <[EMAIL PROTECTED]> skrev i meddelandet news:[EMAIL PROTECTED] > I want to send user and password from php to a protected directory. > For example: If I go directly to the directory I get a popup to enter user > and password, the normallt way. > > But if I go through a php-script that checks if I'm a valid user from a > database I will get access to the folder. > > So i need a way to send user/password from php to the .htaccess file. > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: interact with .htaccess
you could redirect to http://username:[EMAIL PROTECTED]/foo > what I mean is if you can create a form page > in PHP prompting for a username and password and then redirect into > an .htaccess protected directory without having the server pop up another > username/password box? -- Adrian mailto:[EMAIL PROTECTED] www: http://www.planetcoding.net www: http://www.webskyline.de -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: interact with .htaccess
At 13:04 15.06.2003, Adrian said: [snip] >you could redirect to http://username:[EMAIL PROTECTED]/foo [snip] with the drawback that your highly sensitive account information is visible at the URL and will be stored in anyone's history files. Well... why protect it anyway? -- >O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: interact with .htaccess
I think what you really want to do is place your downloadable files in a directory that is not in your httpd's document root and use a password protected PHP script to access these files and send them to the user after authentication. I think you could accomplish this with the fpassthru() function and the correct header. htaccess is just going to get in your way. You've got to make sure that the user that your httpd runs as has permission to access /path/to/directory/not/in/httpd/doc/root/ James On Sunday 15 June 2003 10:32 am, Peter Berglund wrote: > ok, I change my question, how do I protect downloadable files from users > that are not valid? > without the use of htaccess? > > "Peter Berglund" <[EMAIL PROTECTED]> skrev i meddelandet > news:[EMAIL PROTECTED] > > > I want to send user and password from php to a protected directory. > > For example: If I go directly to the directory I get a popup to enter > > user and password, the normallt way. > > > > But if I go through a php-script that checks if I'm a valid user from a > > database I will get access to the folder. > > > > So i need a way to send user/password from php to the .htaccess file. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: interact with .htaccess
At 16:32 15.06.2003, Peter Berglund said: [snip] >ok, I change my question, how do I protect downloadable files from users >that are not valid? >without the use of htaccess? [snip] Have a look at an example on my server: http://www.vogelsinger.at/protected.html This should do just what you need, some explanations are within the source code. -- >O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: interact with .htaccess
See this article: http://www.zend.com/zend/trick/tricks-august-2001.php It got me well on the way to understanding this. You will need to combine with some sort of user/session/login management script, but there are hundreds of articles on the web about this. Personally, I started with an article by Kevin Yank on sitepoint.com, but it's now pretty out of date (pre register globals off)... I doubt there's even one line of code left that is his... as my understanding grew, I built things the way I wanted. There are definitely a few articles to help you with this on zend.com as well, eg: http://www.zend.com/zend/tut/ Trust me, take a little bit of time to learn what's going on with session based authentication, then a little more understanding how to protect and download files, then blend them together. Not only will you have source code that you completely understand, you'll also have exactly what you want, with the power to extend it as you wish. Justin French - Indent.com.au - Graphic, Web & Information Design Web Application Development - e: mailto:[EMAIL PROTECTED] w: http://www.indent.com.au t: 03 9531 4304 (+61 3 9531 4304) m: 0414 243 462 (+61 414 243 462) - on 16/06/03 12:32 AM, Peter Berglund ([EMAIL PROTECTED]) wrote: > ok, I change my question, how do I protect downloadable files from users > that are not valid? > without the use of htaccess? > > "Peter Berglund" <[EMAIL PROTECTED]> skrev i meddelandet > news:[EMAIL PROTECTED] >> I want to send user and password from php to a protected directory. >> For example: If I go directly to the directory I get a popup to enter user >> and password, the normallt way. >> >> But if I go through a php-script that checks if I'm a valid user from a >> database I will get access to the folder. >> >> So i need a way to send user/password from php to the .htaccess file. >> >> > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
