I have been using a free Perl script I found when I was just learning HTML and hadn't decided yet to upgrade my organization's hosting service and to tackle MySQL and PHP. Now that I'm in it up to my neck, I guess what I need to do, if I can, is to write my own script for it and understand what is happening with the .htaccess and .htpasswd files. Then I'll be able to use one of my pages to do the login, set a cookie and not require login -- all that good stuff.

My initial searches suggest Pear will have something to do with it. Am I on the right track? If so, I'll need to ask someone a few simple questions about Pear because the introductory documentation is daunting at first blush.

Any help, examples, tips?

Thanks for all the great help. This PHP/MySQL stuff is enormous good fun. This is a great forum!

I would just set use a session instead of using an .htaccess file then you have a bit more freedom how your login can work.

I get your point, but I have other documents in the directory that I want to keep the casual/curious out of. There's no financial or personal data to protect, but the work on these forums can be politically sensitive.

I can understand how each .PHP file in a particular directory can check for a variable like $_SESSION['pwd'] before returning any HTML, but I also want to protect other documents in other formats that are linked in these pages. Forum members might attach files, etc. Isn't using the .htaccess and .htpasswd files the only way to protect everything in the directory?

Isn't using the .htaccess and .htpasswd files the only way to protect everything in the directory?You could alternatively store the non-php files in a directory above the htdocs directory and thus it won't be accessible from anyone. Then you have a php servlet that can access those files and display them to users who have the proper session value.

--Steve

This could be getting somewhere...
a directory above the htdocs directory
I don't know what that is. My familiarity with the file structure is only what I see with my FTP GUI. Any more tips on that?
a php servlet that can access those files
...and what does it take to access the files? Can they then be downloaded in their own file formats?

thanks!

Well, its any folder that's on your server that isn't the root folder that contains all your web documents (or any of its subdirectories). Your host may or may not provide you with access to any other folder besides your root document folder, so try asking your host. And yes, it is possible to serve the files in their own file formats.

--Steve