PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I have a login script that when someone logs in it directs them to there folder.. I want a script to add into the index.php file of the users folder so that if they just type in the url with the folder name it ownt just bypass the login script.. so I need it to force the user to log in.. heres the log in code I use..
<?php
# I suggest using && instead of AND. Different interpretations/precedence and all that
if(($PHP_AUTH_USER == "usr1") && ($PHP_AUTH_PW == "test"))
{
header("Location: /usr1/");
}
# you forgot to use elseif for the second statement.
elseif(($PHP_AUTH_USER == "us2") && ($PHP_AUTH_PW == "test"))
{
header("Location: /usr2/");
}
else
{
header("WWW-Authenticate: Basic realm="Subdomain"");
header("HTTP/1.0 401 Unauthorized");
print("This page is PROTECTED by HTTP Authentication.<br>");
print("DO NOT TRY TO ACCESS THIS SITE IF YOU ARE NOT AUTHORIZED!");
}
?>
If the folder is .htaccess protected (deny from all), any files within it can't be called directly so you don't need any bad access scripts. You'd need to
include('usr1/index.php')
rather than header().
I wonder if it's good to mention to possible hackers that you're using apache authentication rather than php or whatever - gives them some info on what to target. Not a big deal (afaik http auth is pretty secure) just a general principle.
Try: "this site is protected by big, lumpy men with baseball bats" instead.