View Single Post
 
Old March 1st, 2004, 04:51 PM
richard.york's Avatar
richard.york richard.york is offline
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

There's been a lot of discussion on this on p2p lately.

O.K. there is more than one approach to this. Are you using sessions? If you are, then my second question is are you using Apache as your server?

If so you can lock out users on a per directory basis using .htaccess and sessions (my personal recommendation). Of course there's HTTP authentication too, but that's not as secure, especially if you aren't using SSL.

If you're using sessions and .htaccess you can write a script like this.

Code:
<?php

    // auth_prepend.php

    session_start();

    if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true)
    {

?>

// Secure content

<?php 

    // auth_append.php

    }
    else
    }

        header("Location: go/to/login?refer_id={$_SERVER["PHP_SELF"]}");
    }

?>
Basically this method uses per directory .htaccess php.ini values to secure the directory.

You can use your user registration to automatically generate the .htaccess file in the user's directory. This is what the .htaccess file will look like...


php_value auto_prepend_file path/to/file
php_value auto_append_file path/to/file


If you aren't familar with .htaccess, it gets saved as ".htaccess" and the above is all that needs to appear in it. You can verify that the settings hae taken effect by running a phpinfo() script inside the directory where the .htaccess file is installed. Configuration changes will appear under the "local" heading. If you've never ran phpinfo() this is what it looks like:

<?php phpinfo(); ?>

It just prints out a long, detailed list of configuration options and settings..

Some prerequisites for this to work.. these directives will only work on extenstions configured to be parsed by php.

If that doesn't fit your scenario, then tell us a little more about your set-up and I'm sure someone will be able to help.

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::