Restriction problem!!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
dorimi
Forum Newbie
Posts: 2
Joined: Fri Aug 17, 2007 6:30 am

Restriction problem!!

Post by dorimi »

Hi!!

I need to build a website with a login screen, hence the site is only for registered users.
I am going to use PHP for the login procedure but the rest has to be plain html webpages.

How can I prevent direct access to the html pages e.g. by typing the url to the html page ?
I have read that I can use htaccess to prevent access but I am not sure how to connect htaccess to all registered users in the database.

Any idea ?

Thank you.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

By using PHP instead of HTML. It's not a hard fix. Just convert all of the HTML pages to PHP, and add a quick line at the start that redirects them to the log in page if they don't have a validated session open.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

You can't.
Either have the registration process add users in a htpasswd file (which is quite impractical as you may guess, and has several implementation problems), or you serve the static pages from a PHP file that first checks the login status of the user. Be careful on how you print the static pages, or you may end with problems like this one: viewtopic.php?t=72504
dorimi
Forum Newbie
Posts: 2
Joined: Fri Aug 17, 2007 6:30 am

Post by dorimi »

Thanks for the quick reply.

I will use php files instead of html files.

However there will be links within the restricted site, to PDF files which have to be accessible only to the registered users.
Any ideas how to restrict access to the PDF files only for users in the database ?

Thanks...
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

dorimi wrote:Thanks for the quick reply.

I will use php files instead of html files.

However there will be links within the restricted site, to PDF files which have to be accessible only to the registered users.
Any ideas how to restrict access to the PDF files only for users in the database ?

Thanks...
Hmm. I'm not too sure why you'd need to, but I guess you could use .htaccess to block all direct access, then access it through PHP using header() and file_get_contents().
Post Reply