html, user logins and secure directories
Posted: Wed Jul 13, 2005 2:29 pm
Hello everyone! I'm new here, and half-way new to PHP. 
Anyway, here's an issue which has been puzzling me for a while. I have a client who wants a front page with a login box. Users will enter a name and password and then the server should direct them to their own custom directory which has been set up in advance. Easy enough so far BUT the files in the directory are HTML (if you could call it that, the guy makes them in Word!) and obviously can't check for authentication before displaying. Security is not an enormous concern as these are boring and non-confidential corporate documents, but there should at least be an attempt at it.
The way I see it, I have two options:
First option. I could place the various directories on the server and lock them through C-Panel and then try to write a script that verifies the name and password, selects the appropriate directory and logs into it (thus bypassing the browser's built in login box) but I don't know if it is possible.
Secondly, I could write a script that matches the name and pw to an internal list, uses a session or a cookie to verify "logged-in-ness" and sends the user to a "fileview.php?user=bob&page=index" sort of page.
This page would call up the contents of the HTML files from deep within the bowels of the server, copy them to a text variable, loop through and change the links to "fileview.php?user=bob&page=pagename" and then print it to the browser. This way the user never knows the real URL of the files, and the php script won't show anything without the authentication cookie (or session). Images might pose a problem, but I'll tackle them when the time comes.
Any thoughts on this? Am I (in my relative newbiness) overlooking some obvious methods? Thanks
Anyway, here's an issue which has been puzzling me for a while. I have a client who wants a front page with a login box. Users will enter a name and password and then the server should direct them to their own custom directory which has been set up in advance. Easy enough so far BUT the files in the directory are HTML (if you could call it that, the guy makes them in Word!) and obviously can't check for authentication before displaying. Security is not an enormous concern as these are boring and non-confidential corporate documents, but there should at least be an attempt at it.
The way I see it, I have two options:
First option. I could place the various directories on the server and lock them through C-Panel and then try to write a script that verifies the name and password, selects the appropriate directory and logs into it (thus bypassing the browser's built in login box) but I don't know if it is possible.
Secondly, I could write a script that matches the name and pw to an internal list, uses a session or a cookie to verify "logged-in-ness" and sends the user to a "fileview.php?user=bob&page=index" sort of page.
This page would call up the contents of the HTML files from deep within the bowels of the server, copy them to a text variable, loop through and change the links to "fileview.php?user=bob&page=pagename" and then print it to the browser. This way the user never knows the real URL of the files, and the php script won't show anything without the authentication cookie (or session). Images might pose a problem, but I'll tackle them when the time comes.
Any thoughts on this? Am I (in my relative newbiness) overlooking some obvious methods? Thanks