php + apache authentication

scrupul0us

heres my dilema... im trying to setup a client login portal for my web design side business

i have the login portal working fine... users enter their email password and domain

if the credentials are legit it simply forwards them to an underlying directory

right now, with apache, i have the main ~clients directory protected so that you cant get indexes, HOWEVER, if you know the correct underlying directory name, you can load that just fine (uses apaches SATISFY ALL method)

now, what id like todo is remove that method so that even if you know the correct directory you have to be authenticated through the portal first

is there a way using apache auth to interface with PHP sessions to determine if the user is validated and let them into their respective directory?

i guess im looking for an apache end solution... i dont want to have to include a code snippet into EVERY project i have running and then have to remove it when i deploy the sites

so e.g. i can setup the underlying directories to mandate an authenticated user and somehow when php redirects to that underlying directory it tells apache it has an authenticated user using a header maybe

The_Chancer

How about http://uk2.php.net/features.http-auth May give a few pointers 😉

scrupul0us

follow up question... i know u can auto prepend files to all php scripts... is there a way of doing this for just a particular folder using apache... e.g. in httpd.conf u can set that directive on directory levels

that way i could just auto prepend a small auth module to that entire client directory and never have to edit the actual site code

rowanparker

Normally wait more than 10 mins before bumping!

You could just now allow anyone access to the dir then get PHP to get each file and check if auth'd before hand.

scrupul0us

rowanparker wrote:
Normally wait more than 10 mins before bumping!

i waited 3 days... lol

rowanparker wrote:
You could just now allow anyone access to the dir then get PHP to get each file and check if auth'd before hand.

i dont follow you... once they are logged in they are able to view their website that is in development... there is no further interaction with php once they login

rowanparker

First Post: 04-24-2007, 12:23 AM
Second Post: 04-24-2007, 12:36 PM

I make that that 12 hours rather than 3 days, bit more than 10mins tho. lol.

But anyway...

Ah, I made a simple typo too. It your ain't using PHP 'cept for login then it wouldn't work, nevermind.

bradgrafelman

scrupul0us wrote:
i know u can auto prepend files to all php scripts... is there a way of doing this for just a particular folder using apache

Sure, use an .htaccess file (assuming PHP was installed as an Apache module rather than a CGI binary).

rowanparker wrote:
Normally wait more than 10 mins before bumping!

'Longer'... meaning never? 😉

scrupul0us

ohh on the original post... gotcha... i thought u meant the follow up post...