Re: [PHP] login to protected directory by php
On Mon, 2010-08-16 at 09:27 +0530, kranthi wrote: i would configure apache to let php interpreter handle all kinds of extensions ( http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler ) even then u'll have go through all the steps pointed out by Ash. the only advantage of this method is more user friendly URL That would be very slow and prone to failure. What happens when Apache comes across a binary file that contains ?php inside? It seems unlikely, but I've found the more unlikely something should be, the more often it occurs at just the wrong moment! For example, a document that talks about PHP, or an image that randomly contains those characters as part of the bitmap data? Also, the idea of tying an ID into the DB does still allow you to use friendly URLs, but is the ability to guess filenames really something you want in a security system? It would be more prone to brute force attacking I think. Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] login to protected directory by php
all files (web pages, pictures, and exe files) and folders in a directory should be protected against anonymous users. I create an application with php and mysql for registered users. when a user registers it's information will be saved in database and its username and password will be added to .htpass file. so registered users can reach protected area. But browser prompts login dialog, when users want to access this folder. How can I run login process with php. Thanks On Sat, Aug 14, 2010 at 4:23 PM, chris h chris...@gmail.com wrote: it sounds as if apache - or whatever your http server is - is not aware of your php script. All apache knows is that someone is trying to access a directory or file that is protected, it does not know that it should send that request to the php script for a login. What are the protected resources that you want a login for? On Sat, Aug 14, 2010 at 1:52 AM, Ali Asghar Toraby Parizy aliasghar.tor...@gmail.com wrote: Hi The php script is in another folder. I set PHP_AUTH_USER and 'PHP_AUTH_PW in login script then try to open the file in the protected directory. the php file is not in the protected realm. On Sat, Aug 14, 2010 at 3:26 AM, chris h chris...@gmail.com wrote: Based off what your saying my guess is that the request is not hitting your php script. Is the php script in the protected directory? If so what is it's file name and what url are you hitting for the test? Chris. On Fri, Aug 13, 2010 at 6:21 PM, Ali Asghar Toraby Parizy aliasghar.tor...@gmail.com wrote: Hi. I have a protected directory in my host. I have configured .htaccess successfully and it works prefect. Now I'm looking for a solution to login and logout by a php script. In my site I have a login page. In that page I set 'PHP_AUTH_USER' and ' PHP_AUTH_PW'. but when I try to open protected directory, user authentication dialog appears. How can I do this? What is my error? -- Ali Asghar Torabi -- Ali Asghar Torabi -- Ali Asghar Torabi -- Ali Asghar Torabi
Re: [PHP] login to protected directory by php
On Sun, 2010-08-15 at 22:15 +0430, Ali Asghar Toraby Parizy wrote: all files (web pages, pictures, and exe files) and folders in a directory should be protected against anonymous users. I create an application with php and mysql for registered users. when a user registers it's information will be saved in database and its username and password will be added to .htpass file. so registered users can reach protected area. But browser prompts login dialog, when users want to access this folder. How can I run login process with php. Thanks On Sat, Aug 14, 2010 at 4:23 PM, chris h chris...@gmail.com wrote: it sounds as if apache - or whatever your http server is - is not aware of your php script. All apache knows is that someone is trying to access a directory or file that is protected, it does not know that it should send that request to the php script for a login. What are the protected resources that you want a login for? On Sat, Aug 14, 2010 at 1:52 AM, Ali Asghar Toraby Parizy aliasghar.tor...@gmail.com wrote: Hi The php script is in another folder. I set PHP_AUTH_USER and 'PHP_AUTH_PW in login script then try to open the file in the protected directory. the php file is not in the protected realm. On Sat, Aug 14, 2010 at 3:26 AM, chris h chris...@gmail.com wrote: Based off what your saying my guess is that the request is not hitting your php script. Is the php script in the protected directory? If so what is it's file name and what url are you hitting for the test? Chris. On Fri, Aug 13, 2010 at 6:21 PM, Ali Asghar Toraby Parizy aliasghar.tor...@gmail.com wrote: Hi. I have a protected directory in my host. I have configured .htaccess successfully and it works prefect. Now I'm looking for a solution to login and logout by a php script. In my site I have a login page. In that page I set 'PHP_AUTH_USER' and ' PHP_AUTH_PW'. but when I try to open protected directory, user authentication dialog appears. How can I do this? What is my error? -- Ali Asghar Torabi -- Ali Asghar Torabi -- Ali Asghar Torabi The two login processes are separate from each other. The .htaccess method is handled by Apache, completely apart from PHP. I believe it is possible, but is unreliable because of the way different browser/server combinations behave. Your best bet is to store these files outside of web route, and access them with a URL like this: file.php?id=123456 your web route might be something like /var/www/html/yoursite (where /var/www/html is the web root) your documents and secure files could be at /var/www/files/yoursite In your DB, the file id 123456 maps to a specific file on the hosting. This file isn't accessible from the web normally, so PHP will have to use something like fpassthru() to open dump the contents to the browser (obviously sending the correct header() mime type, etc). The advantage to this is you can use your PHP login system, and check each file download attempt against the session to ensure they are a valid user who should be able to access this file. Also, the obfuscation of the filename means that someone is less likely to guess at a filename. The id itself can be anything from a hash of the filename to an auto increment id in the DB. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] login to protected directory by php
i would configure apache to let php interpreter handle all kinds of extensions ( http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler ) even then u'll have go through all the steps pointed out by Ash. the only advantage of this method is more user friendly URL -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] login to protected directory by php
Hi. I have a protected directory in my host. I have configured .htaccess successfully and it works prefect. Now I'm looking for a solution to login and logout by a php script. In my site I have a login page. In that page I set 'PHP_AUTH_USER' and ' PHP_AUTH_PW'. but when I try to open protected directory, user authentication dialog appears. How can I do this? What is my error? -- Ali Asghar Torabi
Re: [PHP] login to protected directory by php
Based off what your saying my guess is that the request is not hitting your php script. Is the php script in the protected directory? If so what is it's file name and what url are you hitting for the test? Chris. On Fri, Aug 13, 2010 at 6:21 PM, Ali Asghar Toraby Parizy aliasghar.tor...@gmail.com wrote: Hi. I have a protected directory in my host. I have configured .htaccess successfully and it works prefect. Now I'm looking for a solution to login and logout by a php script. In my site I have a login page. In that page I set 'PHP_AUTH_USER' and ' PHP_AUTH_PW'. but when I try to open protected directory, user authentication dialog appears. How can I do this? What is my error? -- Ali Asghar Torabi