Redirection setting in php/Apache

Hi experts,
I am really stuck in this. please help.

I have a php application deployed in a Apache server. The apache server does not have mod_rewrite module installed. My application has a login.php file and other application specific php files.
Now my application requires that if a user tries to access any of the php files directly, using the url, there should be some kind of setting by which he should be redirected to the login.php file and once the user logs in, he may access any of the other files directly.

(1) can you please advice my as to how this can be implemented with apache and php?

Any Help will be highly appreciated.

Thanks
sandhya01Asked:
Who is Participating?
 
mirmillCommented:
I wonder why nobody suggested use of session?
sandhya01,
Paste the code I attached to the top of all your relevant files (except login file).
If anybody tries to enter directly to mentioned files, he will be automatically redirected to login file.
I hope that I understood your question and that this will help.
 
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y,n";
$MM_donotCheckaccess = "false";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

Open in new window

0
 
cdaugustinCommented:
hi,

simply check if the user is logged in a file thats included in all the other files (maybe the conf file) with the exception login.php
0
 
sandhya01Author Commented:
Hi expert
Thank you for your comments,
 i dont want to touch the other files present in the application.
i want that they should not be able to access my files directly until they are logged in via my login.php page.
Is there any setting in apache/php by which i can mark the files present in an directory as protected and when the user tries to login, they are redirected to my login.php page and once login is successful, that protected setting is changed to unprotected for that directory and user/session and the user is able to login.

Please let me know if there is any

Thanks
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
cdaugustinCommented:
hi,

unfortunately if you do not have control of the other files this will prove difficult. If you wanna do it from within php you need to check for login. The only other alternative I can think of is to use apache's auth mechanism go to the following link

http://httpd.apache.org/docs/1.3/howto/auth.html

and search for database auth (its described among the last) but for this you would need to have some apache modules enabled.
0
 
cdaugustinCommented:
the following version is for apache 2.0 (the link in the other comment was for apache 1.3)

http://httpd.apache.org/docs/2.0/howto/auth.html
0
 
sandhya01Author Commented:
Thanks cdaugustin.
I am going through your's suggested link and will keep you informed.

Thanks again
0
 
sandhya01Author Commented:
Hi Expert,
A better answer could have been to use the function phpinfo() in a php page, and see the details.

Thanks
0
 
cdaugustinCommented:
hi

what does phpinfo() has to do with anything? we were talking about how to auth a user without modif the files ....
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.