Author Topic: PW protection  (Read 1877 times)

Jake

  • Jackass In Charge
  • Posts: 8650
  • Karma: +83/-18
PW protection
« on: June 24, 2008, 03:12:38 PM »
I've read Mike's post http://www.entropysink.com/forums/index.php?topic=6741.0 and will try it. But does anyone have any other solutions on how to password protect certain directories (I don't need username?

What I want to do is to create a site fu.com with a subdirectory fu.com/bar - I want access to /bar password protected. Also, all the directories that /bar will link to can be accessed from /bar, but not of you just type in their url.

I hope the above makes sense.
Do not follow where the path may lead. Go instead where there is no path and leave a trail.

Steve

  • This 49%er supports Romney
  • Just a Jackass
  • *
  • Posts: 16120
  • Karma: +31/-410
  • Mr. Mom
Re: PW protection
« Reply #1 on: June 24, 2008, 03:19:21 PM »
I always used htpassword methods for locking people out like mike said. Are you running apache?. Nothing is perfect but using a database and a few checks can help alot also.
hey ethic if you and i were both courting lily allen..... oh wait, which one of us has a relationship that lasted more than the bus ride home?

Mike

  • Jackass In Charge
  • Posts: 11248
  • Karma: +168/-32
  • Ex Asshole - a better and more caring person.
Re: PW protection
« Reply #2 on: June 24, 2008, 06:40:39 PM »
I think the first thing you need to do is to let us know the environment.  The solution I gave on that previous page was for a particular environment and IMO there are much better ways to do it.

One of the key things is do you want a single password that everyone will use or do you want individual passwords?  You mentioned that you didn't need usernames so I get the impression that you only need a single password.

If you have apache one very easy (relatively) thing to do would be to use .htaccess and setup a rewrite so that all pages in /bar and its subdirectories are executed through /bar/index.php and then in index.php you handle all authentication.

If you are only using one password then authentication is pretty basic IMO:  just have index.php check to see if they have been authenticated and if they haven't present a form in which they give the password and if they have then you just include the page they wanted and execute it.  For ease of use I would set some type of cookie.  You'll need to come up with some techniques to prevent cookie stealing though.