Dynamic password protection of DIR's?
Hi,
I am in the process of writing a php script that dynamically generates a folder/html file via submission of a FORM... this is working very good... but I would also like to make every folder password protected...
What would be the best way to dynamically generate simple password protection for each dynamically generated folder?
Basically, what I am doing is, creating bids for possible jobs, and I want each bid to be password protected...
I would like to set it up where all I have to do is enter the user name and password via the same form and upon submission the folder with the html bid is then password protected.
Anyway, hopefully I am being clear... any links and/or suggestions/tips would be nice...
Thanks in advance!
Cheers
Micky
if you don't want to use a database, you could simply store the user/pass in a php file in the same folder
have your script create a file w/ the following contents in their directory
Code: Select all
<?php
$username = 'their username';
$password = 'their chosen pass';
?>
Code: Select all
<?php
// Form field names are assumed; accept only non-empty values made of a-z, A-Z and 0-9
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
if ($username !== '' && $password !== ''
    && !preg_match('/[^A-Za-z0-9]/', $username . $password)) {
    // Source of the credentials file that is written into the user's directory
    $login_file = '<?php
$username = "'.$username.'";
$password = "'.$password.'";
?>
';
    $fp = @fopen('user_dir/credentials.php', 'w');
    if ($fp) {
        fwrite($fp, $login_file);
        fclose($fp);
    }
}
?>
then, when they want to login,
you could just check if the file exists,
if so, include it,
and then you can do your
if($_POST['password'] === $password) { } etc.....
be very careful when accepting the initial username/password though,
because they could include quotes/backslashes or other stuff that could cause a parse error,
possibly revealing info
maybe just allow a-z and 0-9
you could do something like this before accepting the user and pass
Code: Select all
// ereg() was removed in PHP 7; preg_match() with the same character class is the equivalent
if (preg_match('/[^A-Za-z0-9]/', $username)) {
    echo 'bad';
} else {
    // ok
}
Shendemiar
- Forum Contributor
- Posts: 404
- Joined: Thu Jan 08, 2004 8:28 am
Hi all,
Dang! I did not know I had any replies to this post... my forum contact email was set to an old address... grrr, so by the time I checked this thread I had already come up with a solution... but maybe not the best solution?
(Main PHP code:)
Code: Select all
...
...
...
...
// HTML to be written:
ob_start();
readfile($_SERVER['DOCUMENT_ROOT'].'/quotes/inc/auth.inc.php');
// ob_get_clean() returns the buffer and closes it, so no ob_end_clean() is needed afterwards
$contents = ob_get_clean();
$contents = str_replace('{log}',$auth_user, $contents);
$contents = str_replace('{pass}',$auth_pass, $contents);
$contents = str_replace('{realm}',$company, $contents);
...
...
...
...
fwrite($fp,$contents);
...
...
(And, here is "auth.inc.php":)
Code: Select all
<?php
// register_globals was removed in PHP 5.4, so read the Basic auth values from $_SERVER
$PHP_AUTH_USER = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$PHP_AUTH_PW = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
// Check to see if $PHP_AUTH_USER already contains info
if (!isset($PHP_AUTH_USER)) {
    // If empty, send header causing dialog box to appear
    header('WWW-Authenticate: Basic realm="{realm}"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
} else if (isset($PHP_AUTH_USER)) {
    if (($PHP_AUTH_USER != "{log}") || ($PHP_AUTH_PW != "{pass}")) {
        header('WWW-Authenticate: Basic realm="My Privates"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Authorization Required.';
        exit;
    } else {
        echo "You're authorized!<br>";
        echo "You have entered this username: $PHP_AUTH_USER<br>";
        echo "You have entered this password: $PHP_AUTH_PW<br>";
    }
}
?>
It actually works pretty good... I mean, for not using a DB...
rehfeld: Thanks for your help, I appreciate it! You have given me some great ideas!
I especially like this code:
Code: Select all
// ereg() was removed in PHP 7; preg_match() with the same character class is the equivalent
if (preg_match('/[^A-Za-z0-9]/', $username)) {
    echo 'bad';
} else {
    // ok
}
I will be able to use that for other parts of my code....
And thanks Shendemiar and djot for the input, I really appreciate it... I have learned so much from people like you all... I love PHP, it rocks!
Cheers m8's,
Micky
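A hardened variant of the two approaches discussed above (the per-folder credentials file and the HTTP Basic check in auth.inc.php), added here as an example and not code from any poster in the thread. It stores a password hash instead of the password and generates the file with var_export(), so quotes and backslashes cannot break it; the function names, the 32-character user-name limit and the temporary demo directory are assumptions.

```php
<?php
// Added example. Function names and the demo directory are hypothetical.

// Write <dir>/credentials.php holding the user name and a password hash.
function write_credentials(string $dir, string $user, string $pass): bool
{
    // Allowlist for the user name as suggested in the thread; the password
    // is only ever hashed, so it may contain any characters.
    if (!preg_match('/\A[A-Za-z0-9]{1,32}\z/', $user) || $pass === '') {
        return false;
    }
    $data = ['user' => $user, 'hash' => password_hash($pass, PASSWORD_DEFAULT)];
    // var_export() emits a correctly quoted PHP literal, so no quote or
    // backslash in the data can break the generated file.
    $code = "<?php\nreturn " . var_export($data, true) . ";\n";
    return file_put_contents($dir . '/credentials.php', $code, LOCK_EX) !== false;
}

// Compare submitted credentials with the stored ones.
function check_credentials(string $dir, ?string $user, ?string $pass): bool
{
    $file = $dir . '/credentials.php';
    if ($user === null || $pass === null || !is_file($file)) {
        return false;
    }
    $cred = include $file;
    $userOk = hash_equals($cred['user'], $user);
    return password_verify($pass, $cred['hash']) && $userOk;
}

// HTTP Basic gate: call at the top of each generated bid page.
function require_basic_auth(string $dir, string $realm): void
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (!check_credentials($dir, $user, $pass)) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="' . addcslashes($realm, '"\\') . '"');
        exit('Authorization Required.');
    }
}

// Constructed demo for the command line, using a throwaway directory.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/bid_demo_' . bin2hex(random_bytes(4));
    mkdir($dir, 0700);
    var_dump(write_credentials($dir, 'client1', 'pa"ss\\wo\'rd $x'));
    var_dump(check_credentials($dir, 'client1', 'pa"ss\\wo\'rd $x'));
    var_dump(check_credentials($dir, 'client1', 'wrong'));
}
```

Because the generated bid page only calls require_basic_auth() with its own directory and a realm, no credential is ever substituted into PHP source the way the {log} and {pass} placeholders are.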
Ooooh, good call, that sounds like an interesting way to do this...
This is a script that will allow me to make totally customizable bids on web-design jobs... it creates folders with the PHP file bids inside (which are password protected, with passwords unique to client)... I am also eventually going to have another script that will delete folders/files older than 14 days...
Virtual folders may be the way to do it though, I will do a search, thanks for the info djot, I appreciate it!
m
Hi,
So you use folders that are password protected only to store the bids to whatever jobs/etc.?? Why don't you store that information inside a database? You don't store any data/scripts/files/images. You don't need any files or folders I guess. Not even the virtual ones I mentioned before.
djot