authenication and directories

[EricE]

Alright...I've beat my brains to a pulp and ran my fingers bloody trying to figure out how to protect ALL files (including images) within a directory. I would like to use a PHP function which I have successfully written, however, if someone were to directly link to an image file within the "protected" directory...it won't stop them since no PHP has been parsed. I've looked through several books and come to no conclusion except to use mod_auth_mysql for apache along with htaccess basic authenication. That seems to work except for the fact you MUST use the browser's dialog box for username/password input and also they is no way to create a logout for that (other than close the browser).

I want to use a HTML generated username/password login script with session vars. What options do I have? Please help.

Eric

 

[mcvdmvs]

You can ofcourse use the server htaccess stuff. But what about HTTP authentication?

http://php.nederland.net/manual/en/features.http-auth.php

mcvdmvs
-- "It never hurts to help" -- Eek the Cat

 

[Hokey]

You could move all the "protected" files outside of the web accessible directory.

If your htdocs folder is in /usr/local/apache/htdocs, you would put your "protected" files in /usr/local/apache/protected

You could then use a PHP script to access the files in a variety of ways (include(), file functions, etc).

Doing this would make it completely impossible for someone to access your "protected" files except through your PHP scripts.

 

[EricE]

Hokey, I have tried that but I haven't been able to access images that are outside the root.

If I have the directory /home/webdev/html as my html root and I put an image in /home/webdev how would I access it?

Thanks, Eric

Eric

 

[Hokey]

Eric,

Try using this to access the binaries (images, pdf, swf) outside the root:

<?
 $filename= &quot;/usr/path/to/files/&quot; . basename($file);
 $fp=fopen($filename, &quot;rb&quot;);
 header(&quot;Expires: Mon, 26 Jul 1997 05:00:00 GMT&quot;);
 header(&quot;Last-Modified: &quot; . gmdate(&quot;D, d M Y H:i:s&quot;) . &quot; GMT&quot;);
 header(&quot;Cache-Control: no-store, no-cache, must-revalidate&quot;); 
 header(&quot;Pragma: no-cache&quot;); 
 $extension = explode(&quot;.&quot;,$file);
 if ($extension[1]==&quot;gif&quot;) {
	header(&quot;Content-type: image/gif&quot;);
} elseif ($extension[1]==&quot;jpg&quot; or $extension==&quot;jpeg&quot;) {
 	header(&quot;Content-type: image/pjpeg&quot;);
} elseif ($extension[1]==&quot;png&quot;) {
	header(&quot;Content-type: image/png&quot;);
} elseif ($extension[1]==&quot;pdf&quot;) {
  	header(&quot;Content-type: application/pdf&quot;);
} elseif ($extension[1]==&quot;swf&quot;) {
 	header('Content-type: application/x-shockwave-flash');
} else {
	header(&quot;Content-type: unknown/unknown&quot;);
}
 fpassthru($fp);
 fflush();
?>

if you put this code in a file called binary.php, the you should be able to access binary type files.

to access the image picture.jpg, use binary.php?file=picture.jpg as the image source.
<img src=&quot;binary.php?file=picture.jpg&quot;>

I am not sure what you are tring to accomplish, so you are definatly going to want to modify this code for security reasons...