Hello.

Hope you're all well!

Just wondering if this is possible with PHP.

We currently have htaccess providing security for our "/secure" directory.

I want to use a login form and protection through PHP, but the problem is this...

All the scripts I've found, even from this site, require that there's code entered onto each php page. This is fine, except I also want to secure EVERYTHING in the directory, including images, .txt files, etc. With htaccess, *anything* that's requested from the protected directory needs the login...

Is this possible?

We also don't want to use a MySQL DB, as there'll only be about 20 logins...

We're running:
Zeus 4.2
PHP 4.3.2
Linux 2.4.20

Many thanks.

Regards,

You could use mod_rewrite (http://httpd.apache.org/docs/mod/mod_rewrite.html) to convert all URLs into calls to a PHP script. This PHP script could then check the security privileges, then send the content as if nothing had happened. Of course, it would be slightly slower and cause more server load, but it should work fine for most purposes.

The rule would probably look something like this:

RewriteRule ^/secure/(.+)$ /secure.php?id=$1

For a handy guide to URL rewriting, check out this article (http://www.sitepoint.com/article/910).

Adam

Can't ya just get apache to check if someone is allowed or not?

Hiya.
Thanks for your replies.

In response to Mr Herer's, yes the HTTPD's protection (htaccess) works absolutely fine. I'm going to start a thread now in the appropriate forum to ask a couple more questions regarding it.

Thanks for the information Adam, I think though I might as well stick with htaccess. I was just wondering whether it was something PHP was designed, and easy to do. Htaccess (statistic wise) that I just researched does the job pretty well. It's not mission critical data, just private data, so we'll continue using htaccess.

Regards,

a simple security measure would be to chmod all the files in a perticular directory to 0600 or 0700, that should prevent any direct access to those files