Page 1 of 1

File manager how to prevent access to specific folders/files

Posted: Sun Dec 04, 2005 1:13 pm
by merlin89
Hi all,

I have created a filemanager that gives admin the facility to create new folders and upload files to those folders. i have also got a great script that provides a user admin facility that also authenticates users using a mysql database I'm a bit stuck on how to go about preventing certain users from seeing the contents of certain directories (and files as well), such that a user logs in and he can only access those directories he has prileges for. I was thinking of using .htaccess but the server Im using doesnt support it. Could somebody point me in the right direction please.

Many Thanks
Ian

Posted: Sun Dec 04, 2005 2:54 pm
by Chris Corbyn
From this thread: viewtopic.php?t=41522

I guess that should be server software independant.
William wrote:

Code: Select all

<?

if($_SERVER['PHP_AUTH_USER'] == "William" && $_SERVER['PHP_AUTH_PW'] == "mypass") {
		echo "You are now loggedin!";
} else {
	header("WWW-Authenticate: Basic realm="".$login_text.""");
	header("HTTP/1.0 401 Unauthorized");
	echo "Authorization Required.";
	exit;
}

?>
To put it simple $_SERVER['PHP_AUTH_USER'] is the variable of the username field and $_SERVER['PHP_AUTH_PW'] is the variable for the password field of the login popup. Now we need to make it popup the login! So we added the header("WWW-Authenticate: Basic realm="Simple Login Script""); function which sends a header telling it to basically make that popup. Now where it says Simple Login Script you put what you want the popup box to say. Now the header("HTTP/1.0 401 Unauthorized"); says that if it was unauthorized to display a 404 error. and whatever is under that is what will show when the user clicks cancel.
username:password