Folder Access - Authentication

HarvMan

Hi,

I am using a .shtml page with the following included php script to list the contents of a particular folder. The folder on the web server is configured with a username and password.

How can php force the server to prompt for credentials?
How can I limit the directory display to only .pdf files?

<?php
$url = "http://www.<domain>";
$dir = "bbc";
// Open a known directory, and proceed to read its contents
if (is_dir($dir)) {
    if ($dh = opendir($dir)) {
       while (($file = readdir($dh)) !== false) {
            if ($file != "." && $file != "..") {
                print "<li><a href=\"$url/$dir/". $file. "\" target=\"_blank\">$file</a></li><br>\n";
            }
        }
    closedir($dh);
    }
}
?>

scrupul0us

if you are using apache you can use the files directive/container to dictate which files to show, you can also setup mod_auth to prompt for credentials via an htaccess in the folder or directory directive within your httpd.conf

if you are using IIS, you can install IISpassword to simulate mod_auth via .htaccess, .htgroups, .htpasswd files... also for only displaying PDFs, set the default document on the dir to index.php only, and inside index.php crawl the directory for PDF files and dump the results as links to the page... you will also have to remove directory browsing from that folder to keep people from seeing all the files

HarvMan

Thanks scrupul0us ...

It is an Apache - hosted - environment. So I would not be permitted to implement that solution. The folder I'm using does have an htaccess file with the following:
Options +Indexes
IndexOptions -FancyIndexing

laserlight

HarvMan wrote:
It is an Apache - hosted - environment. So I would not be permitted to implement that solution.

Check if that solution is already possible, i.e., mod_auth is already installed.

HarvMan

I received confirmation that mod_auth is indeed enabled.
Apache 2.2.13
PHP 5.2.9

HarvMan

How do I go about implementing a solution? I am not overly experienced with Apache or PHP. Thanks!

laserlight

HarvMan wrote:
How do I go about implementing a solution? I am not overly experienced with Apache or PHP.

Read the Apache web server manual on Authentication, Authorization and Access Control. You would be using a .htaccess file.

There is another option that comes to mind: HTTP authentication with PHP. In this case, you would write a PHP script that displays all PDF documents in the given directory (e.g., with [man]glob/man) after it has verified the credentials provided by the user.