|
|
Posted by salmobytes on 08/25/07 14:55
On Aug 23, 11:08 am, rogerjam...@googlemail.com wrote:
> How would I go about protecting a whole directory, e.g.http://www.example.com/members/and all sub-directories with login
> protection? I wouldn't like to put a .php script in each directory and
> I'd like to protect all file-types
I didn't read the whole thread in detail, but I glanced at every
post. I (think) I have a way to do this that didn't yet come up.
How secure the protection needs to be is important.
If you're talking about financial transactions
or trade secrets, then perhaps my method isn't such a good idea.
I sell digital information. So If I do get hacked the only thing
I lost was a transaction that never would have happened legitimately
anyway.
I sell subscriptions to how-to-do-it boat building instructions.
I make every file underneath some directory point a .php file, even
though it's largely static html.
At the top of each such file (they are all machine genertated, from
mysql tables) I put a few lines of code that looks for a $_SESSION
variable. If that session variable is not set to the right value,
I redirect the page to a login screen. The session variable that
serves
as the key to the secure area only gets set if the user passes a
password test in the login screen. My customers frequently complain
how inconvenient it is........that they can't bookmark the pages.
So this system seems to work just fine for me. .htaccess and mod-
rewrite
don't play a role.
Navigation:
[Reply to this message]
|