Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Redirection setting in php/Apache

Posted on 2009-05-02
8
Medium Priority
?
287 Views
Last Modified: 2013-12-13
Hi experts,
I am really stuck in this. please help.

I have a php application deployed in a Apache server. The apache server does not have mod_rewrite module installed. My application has a login.php file and other application specific php files.
Now my application requires that if a user tries to access any of the php files directly, using the url, there should be some kind of setting by which he should be redirected to the login.php file and once the user logs in, he may access any of the other files directly.

(1) can you please advice my as to how this can be implemented with apache and php?

Any Help will be highly appreciated.

Thanks
0
Comment
Question by:sandhya01
  • 4
  • 3
8 Comments
 
LVL 5

Expert Comment

by:cdaugustin
ID: 24287127
hi,

simply check if the user is logged in a file thats included in all the other files (maybe the conf file) with the exception login.php
0
 

Author Comment

by:sandhya01
ID: 24287261
Hi expert
Thank you for your comments,
 i dont want to touch the other files present in the application.
i want that they should not be able to access my files directly until they are logged in via my login.php page.
Is there any setting in apache/php by which i can mark the files present in an directory as protected and when the user tries to login, they are redirected to my login.php page and once login is successful, that protected setting is changed to unprotected for that directory and user/session and the user is able to login.

Please let me know if there is any

Thanks
0
 
LVL 5

Expert Comment

by:cdaugustin
ID: 24287532
hi,

unfortunately if you do not have control of the other files this will prove difficult. If you wanna do it from within php you need to check for login. The only other alternative I can think of is to use apache's auth mechanism go to the following link

http://httpd.apache.org/docs/1.3/howto/auth.html

and search for database auth (its described among the last) but for this you would need to have some apache modules enabled.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 5

Expert Comment

by:cdaugustin
ID: 24287535
the following version is for apache 2.0 (the link in the other comment was for apache 1.3)

http://httpd.apache.org/docs/2.0/howto/auth.html
0
 

Author Comment

by:sandhya01
ID: 24289626
Thanks cdaugustin.
I am going through your's suggested link and will keep you informed.

Thanks again
0
 

Author Comment

by:sandhya01
ID: 24356418
Hi Expert,
A better answer could have been to use the function phpinfo() in a php page, and see the details.

Thanks
0
 
LVL 5

Expert Comment

by:cdaugustin
ID: 24471895
hi

what does phpinfo() has to do with anything? we were talking about how to auth a user without modif the files ....
0
 
LVL 1

Accepted Solution

by:
mirmill earned 1500 total points
ID: 24680770
I wonder why nobody suggested use of session?
sandhya01,
Paste the code I attached to the top of all your relevant files (except login file).
If anybody tries to enter directly to mentioned files, he will be automatically redirected to login file.
I hope that I understood your question and that this will help.
 
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y,n";
$MM_donotCheckaccess = "false";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

Open in new window

0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question