File manager how to prevent access to specific folders/files

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
merlin89
Forum Newbie
Posts: 17
Joined: Thu Nov 10, 2005 7:57 am

File manager how to prevent access to specific folders/files

Post by merlin89 »

Hi all,

I have created a filemanager that gives admin the facility to create new folders and upload files to those folders. i have also got a great script that provides a user admin facility that also authenticates users using a mysql database I'm a bit stuck on how to go about preventing certain users from seeing the contents of certain directories (and files as well), such that a user logs in and he can only access those directories he has prileges for. I was thinking of using .htaccess but the server Im using doesnt support it. Could somebody point me in the right direction please.

Many Thanks
Ian
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

From this thread: viewtopic.php?t=41522

I guess that should be server software independant.
William wrote:

Code: Select all

<?

if($_SERVER['PHP_AUTH_USER'] == "William" && $_SERVER['PHP_AUTH_PW'] == "mypass") {
		echo "You are now loggedin!";
} else {
	header("WWW-Authenticate: Basic realm="".$login_text.""");
	header("HTTP/1.0 401 Unauthorized");
	echo "Authorization Required.";
	exit;
}

?>
To put it simple $_SERVER['PHP_AUTH_USER'] is the variable of the username field and $_SERVER['PHP_AUTH_PW'] is the variable for the password field of the login popup. Now we need to make it popup the login! So we added the header("WWW-Authenticate: Basic realm="Simple Login Script""); function which sends a header telling it to basically make that popup. Now where it says Simple Login Script you put what you want the popup box to say. Now the header("HTTP/1.0 401 Unauthorized"); says that if it was unauthorized to display a 404 error. and whatever is under that is what will show when the user clicks cancel.
username:password
Post Reply