EntropySink
Technical & Scientific => Programming => Topic started by: Jake on June 24, 2008, 03:12:38 PM
-
I've read Mike's post http://www.entropysink.com/forums/index.php?topic=6741.0 and will try it. But does anyone have any other solutions on how to password protect certain directories (I don't need username?
What I want to do is to create a site fu.com with a subdirectory fu.com/bar - I want access to /bar password protected. Also, all the directories that /bar will link to can be accessed from /bar, but not of you just type in their url.
I hope the above makes sense.
-
I always used htpassword methods for locking people out like mike said. Are you running apache?. Nothing is perfect but using a database and a few checks can help alot also.
-
I think the first thing you need to do is to let us know the environment. The solution I gave on that previous page was for a particular environment and IMO there are much better ways to do it.
One of the key things is do you want a single password that everyone will use or do you want individual passwords? You mentioned that you didn't need usernames so I get the impression that you only need a single password.
If you have apache one very easy (relatively) thing to do would be to use .htaccess and setup a rewrite so that all pages in /bar and its subdirectories are executed through /bar/index.php and then in index.php you handle all authentication.
If you are only using one password then authentication is pretty basic IMO: just have index.php check to see if they have been authenticated and if they haven't present a form in which they give the password and if they have then you just include the page they wanted and execute it. For ease of use I would set some type of cookie. You'll need to come up with some techniques to prevent cookie stealing though.