We help IT Professionals succeed at work.

password protecting group of php files

weikelbob
weikelbob asked
on
308 Views
Last Modified: 2013-12-13
How do I make a group of files password protected using PHP and MySQL? Each user will have their own password.

Thanks!
Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Top Expert 2007
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I don't think that's what I'm looking for.

I'm looking for a script that uses

require_once(login.php)

that gets called every time someone goes to one of my PHP files.

Thanks.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
//You can probably user this test, I use it to turn protection off site-wide when testing locally

should read:

//You can probably LOSE this test, I use it to turn protection off site-wide when testing locally
The main thing that you'll need initially is that this will set:

$_USER['LoggedIn']

to true or false depending. - then depending on whatyou're protecting:

if it's a PHP file:

<?php
//someprotectedpage.php

require("session.php");

if(!$_USER['LoggedIn']) {
    die("No permissions");
}
...
//PHP Script here
?>

if it's some OTHER sort of file, you can use PHP to pass it through...

<?php
//getprotectedfile.php

require("session.php");

if(!$_USER['LoggedIn']) {
    die("No permissions");
}
$name = './img/ok.png';
$fp = fopen($name, 'rb');

// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));

// dump the file and stop the script
fpassthru($fp);
exit;

?>
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
I would've suggested that but the question specifically mentionded including something in secret files.

for the record, if you're going down the HTTP Basic Auth route, you a) have very little control over the login page - usually just the title. B) have to do it on a per-directory basis (or write something to play with the .htaccess file every time directory contents are modified) and C) don't need a PHP file to give you a 401 Auth requried - just let Apache handle it...
ACtually, ignore B&C above - just re-read the article :) A still applies though :)

Author

Commented:
Thanks Guys,

Bob

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.