RE: Preventing Access to Private Files

> -----Original Message-----
> From: Stephen [mailto:stephen-d@xxxxxxxxxx] 
> Sent: Thursday, September 06, 2007 1:04 PM
> To: php-general@xxxxxxxxxxxxx
> Subject:  Preventing Access to Private Files
> 
> I understand how to use PHP with MySQL to have a
> members table to validate passwords. And to limit the
> generation of "member" pages to members only.
> 
> But what about photographs? If someone knows the
> complete URL they could view it directly, unless the
> directory is protected using .htpassword
> 
> But I don't want to have passwords in two places, nor
> muck with the password file every time a new member
> joins.
> 
> Suggestions?
> 
> Thanks
> Stephen

http://modauthmysql.sourceforge.net/

Pretty much the greatest plugin ever invented for Apache.
I use it religiously.

Then you can have both methods sharing the same db table and it's seamless
and WAY more secure than trying to do some 'index.php' or 'header' tricks...

Basically add something like this to your apache vhost_foo.conf file:

    <Directory /home/foo/public_html/admin>
      Options All +Includes
      AllowOverride None   

      AuthName                          "My Private Admin Stuff"
      AuthType                          Basic
      require                           valid-user

      AuthMySQLHost                     localhost
      AuthMySQLDB                       mydatabase 
      AuthMySQLUser                     mydbuser 
      AuthMySQLPassword                 mydbpass 
      AuthMySQLPwEncryption             sha1
      AuthMySQLUserTable                users
      AuthMySQLNameField                username
      AuthMySQLPasswordField            password
      AuthMySQLUserCondition            "type = 'Admin' AND enabled = 1"
    </Directory>
 
That last AuthMySQLUserCondition is the most useful addition.

Also take a look at this, for some additional ideas in making your "login"
look more professional than just some form fields on a web page...

http://www.php.net/manual/en/features.http-auth.php

You can combine all three methods and chicks will love you like no other...

D.Vin
http://daevid.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
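
An added example, not part of the original message or of mod_auth_mysql: the PHP HTTP-auth approach from the manual page linked above, checking the same `users` table and condition as the `<Directory>` block and then serving a photo kept outside the web root. The `PHOTO_DIR` path, the `img` parameter, the function names and the hex SHA-1 storage format are assumptions.

```php
<?php
declare(strict_types=1);

// Assumptions (not from the thread): PDO MySQL is available, the password
// column holds the 40-char hex SHA-1 digest that PHP's sha1() produces, and
// photos live in PHOTO_DIR, a hypothetical directory outside the web root.
const PHOTO_DIR = '/home/foo/private_photos';

function deny(): void
{
    // Ask the browser for Basic credentials, same realm as the Apache config.
    header('WWW-Authenticate: Basic realm="My Private Admin Stuff"');
    http_response_code(401);
    exit('Authentication required.');
}

function credentialsValid(PDO $db, string $user, string $pass): bool
{
    // Same table, fields and user condition as the <Directory> block.
    // The username is bound as a parameter, never concatenated into SQL.
    $stmt = $db->prepare(
        "SELECT password FROM users
          WHERE username = ? AND type = 'Admin' AND enabled = 1"
    );
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();   // false when no row matches
    // hash_equals() compares in constant time.
    return is_string($stored) && hash_equals(strtolower($stored), sha1($pass));
}

$db = new PDO('mysql:host=localhost;dbname=mydatabase', 'mydbuser', 'mydbpass',
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;
if ($user === null || $pass === null || !credentialsValid($db, $user, $pass)) {
    deny();
}

// basename() drops any directory part, so "../" cannot escape PHOTO_DIR.
$file = PHOTO_DIR . '/' . basename((string) ($_GET['img'] ?? ''));
if (!is_file($file)) {
    http_response_code(404);
    exit('Not found.');
}
header('Content-Type: ' . (mime_content_type($file) ?: 'application/octet-stream'));
header('Content-Length: ' . (string) filesize($file));
readfile($file);
```

`sha1()` is used only so the stored hash matches `AuthMySQLPwEncryption sha1` in the config above; unsalted SHA-1 is fast to brute-force if the table leaks, and Basic credentials cross the wire base64-encoded, so serve this over HTTPS.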

