Page 1 of 1

protecting directories using php mysql login system

Posted: Wed Sep 27, 2006 4:30 pm
by imti
I have an application with its own login system based on mysql... I have some more files that i need to post in a sub-directory that i want to control using teh same login. Its running apache with PHP and mySQL on linux...

I have tried using .htacccess, but get the ugly windows login dialog box,, Can i use an external login system and protect both my application (open source - so easy to customize) and the extra directory content with same login system.

thanks in advance

Posted: Fri Sep 29, 2006 5:56 am
by ibbo
I have a privs section of my user table

Code: Select all

CREATE TABLE `user_details` (
  username varchar(32) NOT NULL default '',
  name varchar(40) NOT NULL default '',
  email varchar(128) NOT NULL default '',
  password varchar(32) NOT NULL default '',
  privs smallint(3) NOT NULL default '0',
  active smallint(2) NOT NULL default '0',
  PRIMARY KEY  (`username`),
  UNIQUE KEY `Email` (`email`)
)
When they login you can pass various info from this table into the session LIKE privs for example or $_session['user'] = $row.

Then in your php you simple check for

Code: Select all

isset($_SESSION['user']['privs']) == 500) ? parse('content') : header("/errors/?mode=forbidden");
ibbo