Page 1 of 1

Directory access.

Posted: Wed Jan 31, 2007 7:21 am
by murlopaz
Hi everybody,
I figured out how to authenticate users through ldap.
Now, if the user authenticated successfully I have to give him access
to certain folders on the web server (apache) based on the group they belong to.
How do I accomplish this?
Thanks a lot!

Posted: Wed Jan 31, 2007 7:31 am
by dude81
There is beautiful project on sourceforge on access layers
phpGACL.
But it will be somewhat difficult to understand.

Posted: Wed Jan 31, 2007 7:40 am
by murlopaz
well the main problem is:
after I check the username and password I don't know what to do.
My understanding would be that I should redirect the user to the secure directory... on the web server.
But how do I deny access to that folder if the user tries to access it directly?

Posted: Wed Jan 31, 2007 7:58 am
by dude81
Put this in the index file of that directory

Code: Select all

if($_SERVER['HTTP_REFERER'] !='yourauthentication.php'){
echo "Your Access denied";
}else{
//the other code;

}
or simply write a rule in your .htaccess a deny rule for that directory by anybody