Apache (.htaccess) securing of folder with database

[Geee]

I am hoping to allow users access to certain parts of our main corporate server by using a basic PHP login to generate a menu of items they can access. On our server is a variety of PHP applications some open source, and some home written. At the moment we have our webmail, a wiki, a bug tracking application along with some custom php application that allow us to manage various bespoke aspects.

What I want to be able to do, is to use some port forwarding to allow remote access to the server. I then want to prompt the user to login and generate a menu of items they can use (from the database). This I have already done successfully.

The tricky part here is that if someone is not logged in to the main system, I don't want them to be able to browse to something they should not see just because they know the URL. I thought that there may be a way to use apache folder protection and .htaccess to do this. I know you can tell htaccess to use a mysql database for its username and passwords, but it's a little more complicated than that!

Does anyone have any idea how this can be achieved without actually inserting code into every page of every application we have running on the server please?

Thanks.

G

-Geeeeeeeeeeeeeeeeeeeeeeee-

 

[jpadie]

what i do is put an .htaccess file in every directory that i want protected. i use the directive

DENY FROM ALL

i then have a script behind a login (managed by php, not apache) that lists the resources i want to make available to a particular user and fetches them selectively (quasi-proxy) through file system calls rather than web server. the file system access, of course, is not affected by .htaccess files.

 

[Geee]

Is it possible to serve pages to the user through file system calls? Something akin to an iframe would be fine, I just thought the php scripts would not be run this way. If you have more information on this method it would be greatly appreciated!

-Geeeeeeeeeeeeeeeeeeeeeeee-