user authentication

Hi!
I am trying to restrict users from accessing any file (code, images, zip or flash). I cannot place the protected directory outside the server's path. I am using Apache HTTP server authentication, since there is no other way. Now I want to use my own form, not the dialog box provided by the web server. I can use JavaScript to do all the communication using the XMLHttpRequest object. But the problem is that in order to execute this JavaScript, this page should be executed first, but the web server login dialog box appears even before this page can execute.
The other problem: if I disable web server authentication, then I can only protect PHP files, not the images, zip files or any other type of file, from the users. They can download them by directly giving the URL of, say, a zip file.
Any idea what I should do?
SadafRasheedAsked:
 
alakritiCommented:
Another solution could be to set up a mod_rewrite rule to direct all views in a particular folder to your PHP script, which of course could validate their login credentials then. Take the information provided by the URL and output the header information for the image etc., and use something like readfile() to serve the content to them. This ensures that all hits to the folder pass through your PHP script, even if it's an image or zip file etc.
0
 
dr_dedoCommented:
You can prevent hotlinking to your files. It is a common procedure with images, but I don't see what makes it not work with zips and sqw as well. Have a look at that tutorial and see if you can implement it in your site:
http://underscorebleach.net/jotsheet/2004/11/stop-image-hotlinking-tutorial-htaccess-apache
0
 
randy_stuartCommented:
I am not sure that I fully understand what you are trying to do, but JavaScript is not the way to provide security since it is client side. Meaning that the client can view all of your code used to create the security and can then hack it more easily.

If you don't want anyone to see what is in a certain folder then turn off the permissions on that folder.

If you want only authenticated users to view files, then use cookies, on each page to check if the user has been authenticated before showing the page, and do what dedo said.
0
 
SadafRasheedAuthor Commented:
I think both of you didn't get what I am trying to do :(
Actually I want to communicate with the web server authentication dialog box. Is there any way to do that?
If not, then is there any way to get the user info that was supplied to that dialog box in my PHP file?
0
 
AutogardCommented:
Maybe I don't understand either, but are you saying that Apache is serving up another page instead of the page that you want served? If it is a matter of which precedence to use in displaying pages in a directory, then you need to use the "DirectoryIndex" directive:

# Serves index.php by default, then index.html if no index.php (in apache conf file)
DirectoryIndex index.php index.html

Then if I access the directory "www.myhost.com/mydirectory" it will check for index.php first.

Sorry if I don't understand either.
0
 
SadafRasheedAuthor Commented:
I think I am unable to explain what I want :$
0
 
SadafRasheedAuthor Commented:
Yes, this is what I want... :)
Can you please guide me further?
Do I put the mod_rewrite rule in the .htaccess file?
I want this restriction for one directory (and of course its subdirectories). I hope this won't affect other directories.
0
 
alakritiCommented:
You can place your rewrite rules in the .htaccess folder; it will only affect that directory and its subdirectories.
0
 
SadafRasheedAuthor Commented:
OK, decided, this is what I want, and I want it badly and urgently.
I just studied mod_rewrite.
It uses regular expressions. I tried once or twice but failed to learn regular expressions and am sure I can learn in whatever time I have now, so can you please guide me on what I should write in the .htaccess file if I want users trying to access any file or directory under
http://www.abcdef.com/Members/
to be redirected to
http://www.abcdef.com/membership/index.php?cmd=login

And how will I get the actual URL that the user typed in?

Thanks, that is really helping a lot.
0
 
SadafRasheedAuthor Commented:

RewriteEngine on
RewriteRule ^([^/\.]+)/$  /membership/index.php?url=$1

Should I write this?
0
 
SadafRasheedAuthor Commented:
I wrote the lines below in the .htaccess file and uploaded it to the parent directory of "members" and it worked. It redirected me to the login page, even when I typed the URL of an image :) :)

RewriteEngine on
RewriteRule ^members(.*) /membership/index.php?cmd=login&url=$1


Thanks, everyone, for your help :)


0
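As an added example (not code from the thread or its participants): a PHP gatekeeper of the kind alakriti describes, which checks the session before streaming a file with readfile() and refuses any `url` value that resolves outside the protected directory. The script name `file.php`, the rewrite rule in the comment, the session keys `user_id` and `return_to`, and a `Members` directory under the document root are assumptions.

```php
<?php
// Added example (not from the thread). Assumed: this file is a hypothetical
// /membership/file.php reached through a rule such as
//   RewriteRule ^members/(.*)$ /membership/file.php?url=$1 [L]
// (the slash after "members" keeps the pattern from also matching /membership/).
declare(strict_types=1);

// Map the client-supplied "url" value to a file inside $baseDir; null if it escapes.
function resolve_member_file(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, so the prefix test below is
    // applied to the file that would really be opened.
    $path = realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
$requested = isset($_GET['url']) && is_string($_GET['url']) ? $_GET['url'] : '';

// $_SESSION['user_id'] is an assumed key set by the site's own login code.
if (empty($_SESSION['user_id'])) {
    // Keep the target server-side; re-validate it before redirecting after login.
    $_SESSION['return_to'] = $requested;
    header('Location: /membership/index.php?cmd=login');
    exit;
}

$file = resolve_member_file($_SERVER['DOCUMENT_ROOT'] . '/Members', $requested);
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}

$type = function_exists('mime_content_type') ? mime_content_type($file) : false;
header('Content-Type: ' . ($type ?: 'application/octet-stream'));
header('Content-Length: ' . (string) filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
```

Because the rewrite sends every request under the protected directory to the script, a direct URL to an image or zip file reaches the same session check as a PHP page.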
Question has a verified solution.
