Posted by Rik on 03/15/07 07:27
Nosferatum <John.Olav.O@gmail.com> wrote:
> I am in need of a solution on how to solve this problem:
>
> I need to limit access to six different folders. My users are
> validated in a system which checks their presence with a couple of
> variables in a db and then forwards them if they exist. Based upon
> their status they are redirected to one of six folders.
> Users belonging to group A shall get access to folder A, but not B, C
> etc. It must be possible to limit access in this order by referrer,
> but I really don't know how to do this. Perhaps in a combination with
> a .htaccess file?
> Right now it's not a big deal for, for example, users from group C to
> explore the folders belonging to group A,B,D etc. And that's my big
> problem, since each folder should be accessible to ONLY one group.
Do _NOT_ use referer for this. If there's something that is easily
forged it's that. I'm not entirely clear what you mean by 'folders'. Do
you mean they can simply get to the contents? You say the users are
validated, so let's say a session is started, and you've saved a
variable like $_SESSION['group'] = 'A'. Now check in folder 'A' whether
they belong to this group, and refuse access to them if this isn't the
case. In a .htaccess file this isn't possible. I'd force a single point
of entry in the folder, which checks this value, sends a forbidden
header and exits if they aren't validated or belong to the wrong group.
If they are valid visitors, let it continue and serve the requested
files.
--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel
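
One way to build the single point of entry described in the reply above, as an added example that is not part of the original post. The script name (A/index.php), the `file` query parameter and the PROTECTED_DIR path are assumptions, as is keeping the protected files outside the document root so they can only be reached through this script.

```php
<?php
// Added example: front controller for folder A (hypothetical A/index.php).
// Assumes the login code has already set $_SESSION['group'] and that the
// protected files live outside the document root (PROTECTED_DIR below).
declare(strict_types=1);

const REQUIRED_GROUP = 'A';                     // only group allowed here
const PROTECTED_DIR  = '/var/www/protected/A';  // assumed path, not web-served

function deny(int $status): void
{
    http_response_code($status);
    exit;
}

session_start();

// Not validated, or validated but in another group: send 403 and stop.
if (!isset($_SESSION['group']) || $_SESSION['group'] !== REQUIRED_GROUP) {
    deny(403);
}

// The file name comes from the client (?file=report.pdf), so it is untrusted.
$requested = $_GET['file'] ?? '';
if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
    deny(404);
}

// Resolve ../ and symlinks, then require the result to stay inside PROTECTED_DIR.
$base = realpath(PROTECTED_DIR);
if ($base === false) {
    deny(500);
}
$path = realpath($base . DIRECTORY_SEPARATOR . $requested);
if ($path === false
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
    || !is_file($path)) {
    deny(404);
}

// Valid visitor: serve the requested file (mime_content_type needs ext/fileinfo).
header('Content-Type: ' . (mime_content_type($path) ?: 'application/octet-stream'));
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The group check runs before any file lookup, so a member of group C gets the same 403 for every path under folder A and learns nothing about which files exist.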