I have an idea for security on my website. Asking anyone if they can find a flaw in this design.
I will attempt to use .htaccess file to auto_prepend a header file to every file in the chosen directory. This header file will contain a script to authenticate the user. Since the auto_prepend header file runs before the main body, it will be able to run a check for username/password before displaying anything else on the screen. If the user is true then it just continues on. If user is not valid then 'die'. This is my first post on this forum. Thanx a bunch, -aaron
That's not a bad idea - however I'd suggest using include() to stick the script in at the top of every file rather than auto_prepend (basically because it's mroe portable, and .htaccesss is a slightly messy way of doing things).
The principle is definitely sound - I've written several applications that use an included script at th top of the file to check username/password and exit if they aren't OK.
Cheers,
Skunk
Initially, I was using the include() statement (as you suggested) at the top of the documents to call the authentication script - but for some reason it seems to be easier to secure an entire directory (in this case, an entire website) and all its contents by simply requiring a username/password check before any document can be loaded. I could foresee myself forgetting to add the include(authenticate.inc) at the top of a newly uploaded webpage and then that page would be accessible! Ooops! This is my reasoning for using this my method....now does it make sense? or still no? Thanx -a
Just because I don't like searching phpbuilder only to find the same question I am looking for with no answer.
Here is how to use .htaccess to auto prepend a file
Add this to the .htaccess file
php_value auto_prepend_file "path/to/file"
