On Thu, 2010-08-12 at 02:02 +0430, Ali Asghar Toraby Parizy wrote: > Hi. > I need a protected directory in my server that only the authenticated user > can reach all files in that folder(file type is zip and picture or a web > page, maybe). I save user ID and passwords in mysql database. today I tried > to use htaccess but mod_auth_mysql isn't installed on my server. > I know that I can protect web pages by a simple PHP script(checking log in > session) but I don't know how I can protect images and files! > Thanks for any help You can protect with a .htaccess with a more basic protection, by having a password stored in an encrypted form in a file somewhere that Apache can see. However, if you need to authorise users via details in a DB, then your best bet is to store all the files themselves outside of the web root, and then use a script to access them. The script can authenticate users however you want, and only when they are logged in will it read from the file and write that back out to the client with the correct headers. If you can't put the files outside of web root, then you have little hope of securing them if you can't get mod_auth_mysql installed. Thanks, Ash http://www.ashleysheridan.co.uk
