Solved

alternative to htaccess for directory authentication

Posted on 2003-10-25
11
381 Views
Last Modified: 2013-12-13
I was wondering if there was an alternative to using a htaccess file to password protecting a directory and the files included within.  I have searched throughout books and on the web and have had no success in finding a solution.  I dont know if this is even possible at this point, but it would be nice to get confimation of my findings.

The reason why I am trying to do this is that a friend has asked if I could do this because he does not like the way that htaccess looks and feels.  What I have resorted to doing is including a script with every file that checks the session.  This may not be the greatest solution but I am still leaning the language as I go.

Any and all comments are great appreciated.
0
Comment
Question by:Nick_R
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 2

Expert Comment

by:errows
ID: 9627099
If you already implemented a session login, I think you should stick with it...

0
 
LVL 1

Author Comment

by:Nick_R
ID: 9628085
I dont mind having the session, its just that having to add an include on every page can become a pain, especially since some directories that are used have up to 20 pages within which all need that script.
0
 
LVL 1

Accepted Solution

by:
rstorey2079 earned 150 total points
ID: 9628407
Maybe you could just store your documents somewhere outside of the web root, and use PHP to manage, retrieve and display them.  That way you don't have to keep adding includes.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 2

Expert Comment

by:errows
ID: 9628436
Maybe you could create a main page with the include for the session and then include all sub-pages there...
You just have to re-write one file, instead of all the others...
0
 
LVL 1

Author Comment

by:Nick_R
ID: 9628828
Thank you for this information, it has definitely got me thinking,

errows, the only problem that I have with that solution is that what if the user tried to access one of the sub-pages directly?  Would it not go directly to that page without any session verification?

rstorey2079, would I still be able to do this since I am not hosting the server,  I am client of a webhost.
0
 
LVL 2

Expert Comment

by:errows
ID: 9628889
how many php files do you have?
with a lot of text editors you can do a replace in a whole directory, for example:
replace <?php
with <?php
session_start();
auth_function();

that would be fast and I think it is better than including files...
0
 
LVL 1

Expert Comment

by:rstorey2079
ID: 9629143
If you have a directory available for your usage that is not hosted by the webserver, then you can do it.  Either doing that, or using .htaccess are the only ways to make sure that people cannot view your documents when they know the URL.
0
 
LVL 1

Author Comment

by:Nick_R
ID: 9636321
Thank you both for the responses,

I would split the points, but I think that rstorey was taking the direction that I was looking for.  I will try that method, and if I cant get it to work, I will tell my friend that htaccess is all that he can use.

Thank you both for your time and input.

Cheers
0
 
LVL 1

Expert Comment

by:rstorey2079
ID: 9636400
Look around on sourceforge.net and hotscripts.com, there may be something already written that you could use.  Using PHP to manage files is fairly common.  Good luck.
0
 
LVL 3

Expert Comment

by:red010knight
ID: 9655781
Well what you could do is something like this its a little involving on the front end but makes up for it on the backend.

First you would creating a pageManager.php that when called will be passed a page id number. The page would then either interface with a database table with 2 fields - pageID and filename with directory. Or you would need to have a function that is a large switch statement with a case for each page, that would basically be:
if this do include_once("file");

That way you have one file that is the only thing the rest of the world sees. And you can do alot of your standard code up front like the <html><title> .... </title> all the way to your <body> tag.

Granted it is involving and not something I would be keen todo with a large amount of pages - but with a good IDE you could do a find-replace thruout multiple files and it would be rather painless for the most part.  The one I recommend is Crimson Editor as I know it can support that functionality and it is free. You can find it at:
http://www.crimsoneditor.com/english/download.html

Good luck and happy coding!
Red010Knight


0
 
LVL 1

Author Comment

by:Nick_R
ID: 9661664
That is quite the juicy little tidbit that you posted red010knight,  I will definitely try it on a small test scale to see how the application can handle this.

Thank you for the information, it is greatly appreciated :)

Nick_R
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question