PHP Sessions and .htaccess
Moderator: General Moderators
-
ripcurlksm
- Forum Commoner
- Posts: 34
- Joined: Sun Aug 08, 2004 9:17 pm
PHP Sessions and .htaccess
I have a section of a website that is password protected for members only and I use PHP sessions to keep the connection alive between pages. While logged in they have access to a series of internal links to a subdirectory of html files that pop into a new window... however this directory it is not protected. ... unless you know the exact URL, you pretty much cant find it... but I am concerned that people are copying the link and sending it to other people who are not subscribers.
Is it possible to setup some sort of .htaccess on a certain directory, in which the user would be prompted for a username and password unless they were already logged in? Meaning is it possible to pass a PHP session username and password to a .htaccess-protected directory? If they are logged in already they see the page/directory, if they are not logged in they get the .htaccess prompt.
Is there a way to do this or can someone recommend a better method of handling this?
Is it possible to setup some sort of .htaccess on a certain directory, in which the user would be prompted for a username and password unless they were already logged in? Meaning is it possible to pass a PHP session username and password to a .htaccess-protected directory? If they are logged in already they see the page/directory, if they are not logged in they get the .htaccess prompt.
Is there a way to do this or can someone recommend a better method of handling this?
-
ripcurlksm
- Forum Commoner
- Posts: 34
- Joined: Sun Aug 08, 2004 9:17 pm
You don't need to bother with .htaccess for this.
Your files that that load in the new window can be protected with a small piece of PHP at the beginning, something like this:
Your files that that load in the new window can be protected with a small piece of PHP at the beginning, something like this:
Code: Select all
<?php
if(!isset($_SESSION['logged_in']) || ($_SESSION['logged_in'] != true))
{
die('Please log in to access this content.');
}
?>Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
I'd prefer to redirect them to either a login screen or alternatively to the home page using header.scottayy wrote:Code: Select all
die('Please log in to access this content.');
Code: Select all
if (empty($_SESSION['user_id'])) {
header("Location: http://mywebpage.com/login.php");
exit;
}-
ripcurlksm
- Forum Commoner
- Posts: 34
- Joined: Sun Aug 08, 2004 9:17 pm
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
You're not going to do it the way you are trying to now. If they are static HTML pages they can be called regardless of a users logged in status. You would be better making them PHP files (easily, as scottayy has stated) and putting a simple log in script in action to prevent them from calling the files without being authenticated.
-
ripcurlksm
- Forum Commoner
- Posts: 34
- Joined: Sun Aug 08, 2004 9:17 pm
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA