Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

user authentication

Posted on 2006-06-09
11
Medium Priority
?
357 Views
Last Modified: 2008-01-09
Hi!
i am trying to restrict users from accessing any file( code, images, zip or flash). i cannot place the protected directory out side server's path. i am using Apache HTTP server authentication, since there is no other way. now i want to use my own form, not the dialog box provided by web server. i can use javascript to do all the communication using XMLHttpRequest object. but the problem is that in order to execute this javascript, this page should be executed first, but that web server login dialog box apears even before this page can execute.
the other problem, if i disable web server authentication, then i can only protect php files not the images, zip files or any other type of file from the users. they can download them by directly giving the url of say zip file.
any idea, what should i do ??
0
Comment
Question by:SadafRasheed
11 Comments
 
LVL 16

Assisted Solution

by:dr_dedo
dr_dedo earned 200 total points
ID: 16869812
you can prevent hotlinking to your files, it is a common procedure with images but i don't see what makes it not work with zips and sqw as well, have a look on that tutorial and see if you can implement it in your site
http://underscorebleach.net/jotsheet/2004/11/stop-image-hotlinking-tutorial-htaccess-apache
0
 
LVL 2

Expert Comment

by:randy_stuart
ID: 16870498
I am not sure that I fully understand what you are trying to do, but Javascript is not the way to provide security since it is client side.  Meaning that the client can view all of your code used to create the security and can then hack it more easily.

If you don't want anyone to see what is in a certain folder then turn off the permissions on that folder.

If you want only authenticated users to view files, then use cookies, on each page to check if the user has been authenticated before showing the page, and do what dedo said.
0
 
LVL 4

Author Comment

by:SadafRasheed
ID: 16870550
i think both of u didnt get what i am trying to do :(
actually i want to communicate with the web server authentication dialog box.. is there any way to do that..
if not then is there any way to get the user info that was supplied to that dialog box, in my php file
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Expert Comment

by:Autogard
ID: 16870718
Maybe I don't understand either, but are you saying that apache is serving up another page instead of the page that you want served?  If it is a matter of which precedence to use in displaying pages in a directory then you need to use the "DirectoryIndex" directive:

# Serves index.php by default, then index.html if no index.php (in apache conf file)
DirectoryIndex index.php index.html

Then if I access the directory "www.myhost.com/mydirectory" it will check for index.php first.

Sorry if I don't understand either.
0
 
LVL 4

Author Comment

by:SadafRasheed
ID: 16870833
i think i am unable to explain, what i want :$
0
 
LVL 8

Accepted Solution

by:
alakriti earned 600 total points
ID: 16871021
another solution could be to setup a mod_rewrite rule to direct all views in a particular folder to your PHP script, wich of course could validate their login credentials then. take the information provided by the url and output the header information for the image etc. and use something like readfile() to serve the content to them. this ensures that all hits to the folder pass through your PHP script. even if its an image or zip file etc.
0
 
LVL 4

Author Comment

by:SadafRasheed
ID: 16871725
yes this is what i want.... :)
can u plz guide me further,,
do i mod_rewrite rule in .htaccess file,,,
i want this restriction for one directory (and offcource its sub directories) ,, i hope this wont affect other directories....
0
 
LVL 8

Expert Comment

by:alakriti
ID: 16872008
you can place your rewrite rules in the .htaccess folder it will only effect that directory and subdirectories
0
 
LVL 4

Author Comment

by:SadafRasheed
ID: 16872186
ok,, decided,,, this is what i want,, and i want it badly and urgently,,
i just studied mod_rewrite
it uses regular expressions,, i tries one or twice but failed to learn regular expression and am sure can learn in whatever time i have now,, so can u plz guide me what should i write in .htaccess file if i want users trying to access any file or directory under
http://www.abcdef.com/Members/
to be redirected to
http://www.abcdef.com/membership/index.php?cmd=login

and how will i get the actual url that the user typed in...

thanks that is really helpin a lot
0
 
LVL 4

Author Comment

by:SadafRasheed
ID: 16872351

RewriteEngine on
RewriteRule ^([^/\.]+)/$  /membership/index.php?url=$1

should i write this??
0
 
LVL 4

Author Comment

by:SadafRasheed
ID: 16873394
i wrote the lines below in .htaccess file and uploaded it to the parent directory of "members" and it worked,, it redirected me to login page,, even when i typed the url of an imge :) :)

RewriteEngine on
RewriteRule ^members(.*) /membership/index.php?cmd=login&url=$1


thanks every one for your help :)


0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question