Protecting Folders

Aeiri

How can I set up a protection on certain folders so that it pops up a window asking for un/pw etc, like .htaccess files do, but allow PHP to include files that are in the directory without having it ask the user for the un/pw, which I don't want them to know...

I tried just normal un/pw .htaccess files but for PHP to include them it had to have a password. Is there some way to deny all access to unauthorized users, but to allow PHP to get in? Or some way to have PHP give the un/pw to the server? Now that I think this over, I think it might be possible the first way for people on different servers to use PHP to import those files, but I might be mistaken. Any help?

EDIT: I have another question. How do I create .htaccess files in Windows so I can upload them to my server? It always says I can't create them because there is no filename for the extension...

pnoeric

remember, PHP and .htaccess have totally different ways of getting to files... .htaccess controls how the END USER'S BROWSER gets access; PHP goes on the systems' file permissions.

so, to put it another way... just put your files outside of the web tree and PHP can still access them... orp ut your files in a folder blocked by .htaccess; PHP will still be able to access those files.

best
Eric

Aeiri

I wish it were that simple but it isn't, PHP can't access the files is what I had said. I don't know why, but it requires the un/pw for the folder to include them.

pnoeric

are you sure you're including them, and not doing an <IMG> tag or something?

try writing a test script: put a script named 'include.inc.php' in a folder called 'private' and then, BEFORE putting an .htaccess in that folder, test a PHP script in your root directory that just says include('private/include.inc.php')

if that works, put the .htaccess in the private folder and try the script again. I'll bet it'll still work. if not, you have a very interesting server config, where PHP permissions are feeding off apache user permissions-- strange to say the least!

best
Eric

Aeiri

Well, it didn't work.

http://www.omnipen.net/main/test.php

Is it a problem if I'm not making these .htaccess file myself? I'm creating them through CPanel whatever (the one most hosts I've seen use)...

EDIT: I clicked cancel to that popup window and it displayed the page without my .css and .js files... It's not because of the includes, it's because of the browser trying to get into those files through it, is there anyway to bypass that without putting them in a different folder?

malbera

try to rename to winblowze.htacces or something and then modify httpd.conf:
AccessFileName winblowze.htaccess

Hope that helps

Aeiri

It's not my server, I don't know if I can edit httpd.conf, plus I found out what was wrong in my edit on the post above...