Sessions and file security... 1

admoore

IS-IT--Management
May 17, 2002
224
US
I wish to authenticate client logons via sessions and display the contents of a specific directory to the user based on logon... So far, no problem... Script lists contents of appropriate directory and creates a link to access each file (.pdf reports)...

Here's my problem-

If I just use subdirectories within my public_html directory, a savvy user could access files via the path in the link anchor without authentication and perhaps guess their way into other users' directories...

If I place the files somewhere other than public_html I can list the files; but, Apache won't/can't serve them upon demand.

I do not wish to ask users to authenticate again using Apache & .htaccess so.... Any ideas???

PLUS...

Follow Up Question-

If I wish to addslashes to all post variables, how can I do that without calling each by name? I tried:
Code:
while (list($key,$val) = each($_POST))
{
    $_POST[$key] = addslashes($val);
}
But, this didn't work for me...

TIA for all!
 
Perhaps let Apache deal with authentication at the filesystem level, and have PHP piggyback on the user-provided authentication credentials.

If you have a PHP script in a directory that is protected by Apache's authentication system using Basic authentication, the userid and the password provided to Apache will be available to PHP in the variables $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], respectively.

______________________________________________________________________
TANSTAAFL!
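
The approach in the post above, as an added example that is not part of the original thread: a script inside a Basic-auth protected directory uses `$_SERVER['PHP_AUTH_USER']` to select that user's report directory outside public_html, lists the PDFs, and streams only files that resolve inside that directory. The `REPORT_ROOT` path, the one-directory-per-userid layout, the `file` query parameter and the function names are assumptions made for illustration.

```php
<?php
// Added example. Assumes Apache Basic authentication protects this script's
// directory and reports live outside public_html in REPORT_ROOT/<userid>/.
const REPORT_ROOT = '/home/example/reports';   // assumed path, outside the web root

function user_dir(string $root, string $user): ?string
{
    // Accept only simple userids so the name cannot alter the path.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $user)) {
        return null;
    }
    $dir = realpath($root . '/' . $user);
    return ($dir !== false && is_dir($dir)) ? $dir : null;
}

function resolve_report(string $dir, string $name): ?string
{
    // basename() drops any directory part; realpath() resolves symlinks, and
    // the prefix check keeps the result inside this user's directory.
    $path = realpath($dir . '/' . basename($name));
    if ($path === false || strncmp($path, $dir . '/', strlen($dir) + 1) !== 0) {
        return null;
    }
    $isPdf = strtolower(pathinfo($path, PATHINFO_EXTENSION)) === 'pdf';
    return (is_file($path) && $isPdf) ? $path : null;
}

$user = $_SERVER['PHP_AUTH_USER'] ?? '';   // userid Apache passed on, as described above
$dir  = user_dir(REPORT_ROOT, $user);
if ($dir === null) {
    http_response_code(403);
    exit('No report directory for this account.');
}

if (isset($_GET['file'])) {                // 'file' is a hypothetical parameter name
    $path = is_string($_GET['file']) ? resolve_report($dir, $_GET['file']) : null;
    if ($path === null) {
        http_response_code(404);
        exit('Not found.');
    }
    $safe = preg_replace('/[^\w.\- ]/', '_', basename($path));
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}

foreach (glob($dir . '/*.pdf') ?: [] as $f) {   // links point back at this script
    $n = basename($f);
    echo '<a href="?file=' . rawurlencode($n) . '">' . htmlspecialchars($n) . "</a><br>\n";
}
```

Because the files never sit under public_html, there is no direct URL to guess, and the directory is chosen from the authenticated userid rather than from anything in the request.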
 
Can I use PHP to pass authentication credentials to Apache so that once authenticated via sessions they could access a .htaccess protected directory?

If so, how?

TIA,

-ADM
 
No way that I know of.

______________________________________________________________________
TANSTAAFL!
 
There is one way to share authentication between PHP and Apache: mod_auth_mysql. This method stores authentication in a MySQL database, so that you can access that data by any other program, including PHP.

See these websites:


Apparently, there are several mod_auth_mysql versions available, but the ones I list above seem the most recent. You can see them all by doing a search at
There is another method of sharing authentication, which is even more scalable: LDAP. LDAP, or Lightweight Directory Access Protocol, was created for exactly this kind of purpose: sharing authentication and user info between different hosts and environments. Do a search for "ldap" at

-------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"