[thelist] PHP / MySQL User Login System

Jake Aust mail_lists at jakesdiner.com
Wed Mar 6 20:14:01 CST 2002


Andrew .... and all:

I was able to get my user login system to work using Andrew's suggestions to
use an include on each page that is to be secured.

However, I am a bit concerned about how this will be used by us in actual
practice. We design web sites. We want to post preliminary versions of
websites to our secure area so that our clients can browse through versions.

As the project goes on, typically there can be many versions of a site, with
many html files in each version. Using the below method, every time I upload
a new version, I have to rename all HTML files (and links to these files) to
.php. I also need to add the include.

Ideally, I would like to not have to do this, especially the renaming.

Is there any way to get Apache to treat .html files in a given directory as
PHP and run them through the parser? Is there a way to similarly prepend to
all files in a given directory to add the authentication routine?

What I am driving at is not having to modify the HTML pages in order for the
authentication to work. Probably a pipe dream...


Jake





On 2/27/02 7:58 PM, "Andrew Forsberg" <andrew at thepander.co.nz> wrote:

>
> Say you have: a client called 'bigbucks'; their absolute directory is
> /home/yourstagingserver/bigbucks; their web directory is
> http://your.site.com/bigbucks/; the authentication system compares
> the username, password against a DB / flat file, and returns an array
> of accounts (or perhaps just a string if it's only possible to login
> to one account). At the head of every file in every protected
> directory you could have:
>
> require('/incs/authenticate.php');
>
> in that file you could have something like:
>
> // do your session stuff first
>
> $account_attempt = explode("/", $REQUEST_URI);
> if ($PHP_SESSION_VARS["account"] != $account_attempt[1]) {
>    header ("Location: http://your.site.com/");
>    exit();
> }
>
> The explode returns an array where $account_attempt[1] holds the
> string with the directory they're attempting to access (in this
> example 'bigbucks') which needs to be the same as the account they're
> registered to access ($account_attempt[2] will hold a sub directory,
> $account_attempt[0] will be empty). If the two don't match then
> they're redirected and nothing further is processed on your protected
> page. If they match then the authenticate.php program is finished and
> the rest of your program in the /bigbucks/ directory is executed.
>
> If multiple accounts are possible for a single user then you'll want
> to alter the $PHP_SESSION_VARS["account"] line accordingly.
>
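
A stricter form of the path check in the quoted reply, as an added example that is not code from the thread. It assumes the login step stored the permitted account directories as an array in `$_SESSION['accounts']` (a hypothetical key), which also covers the multi-account case the reply mentions; the function names are illustrative.

```php
<?php
declare(strict_types=1);

// authenticate.php -- added example, not the thread's own code.
// Assumption: login stored the permitted account directories as an
// array of strings in $_SESSION['accounts'] (hypothetical key name).

/**
 * Return the first path segment of the request (the account directory),
 * or null if it is missing or is not a plain directory name.
 */
function requested_account(string $requestUri): ?string
{
    // Look at the path only, so a query string never enters the comparison.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    // Decode percent-escapes so the name is compared in one canonical form.
    $segments = explode('/', rawurldecode($path));
    // $segments[0] is empty (leading slash); [1] is the account directory.
    $account = $segments[1] ?? '';
    // Reject empty names, dots, and anything else outside a simple name.
    return preg_match('/\A[A-Za-z0-9_-]+\z/', $account) === 1 ? $account : null;
}

/**
 * Strict membership test against a non-empty name, so a missing session
 * value can never match an empty path segment.
 */
function is_authorized(?string $account, array $allowed): bool
{
    return $account !== null && in_array($account, $allowed, true);
}

session_start();
$allowed = $_SESSION['accounts'] ?? [];
$account = requested_account($_SERVER['REQUEST_URI'] ?? '/');

if (!is_authorized($account, is_array($allowed) ? $allowed : [])) {
    // Same redirect target as in the quoted reply.
    header('Location: http://your.site.com/');
    exit; // stop here so nothing from the protected page is sent
}
// Falling through means the session may view this account's directory.
```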




