Password protecting whole directory

Anon

I am new to using php and as a consequence I am having problems setting up a protected directory. I.e a directory where only a user with a valid password may enter. I know how to set up password protection using the standard HTTP header under php but this is not the set up that I would like to use. I am going to use the combinaton of PHP and MySQL to hold and validate users. The user will be presented with a password entry page when they try to enter my site and if they enter the correct password they will be allowed to view the files in the directory. I am using unix web space which can does run php4.

Thanks in advance for any help.

melmoth

Hi there.

I ususally do this this way:

a global prepend file that start a session.

If a session variable named session_id is not set, redirect to a login page that will check if login/pass is correct and if it is set the session_id variable.

Do not forget that if you dont use ssl people would be able to sniff cookie value that store the session_id and be able to snoop a connection.

Anon

do you have an example of the global prepend file that i can see.

melmoth

A really basic one (with only 1 login and one password allowed would be):

session_start();

if( (!session_is_registered("logged")|| $logged!=1) && $SCRIPT_FILENAME!=$rootpa
th."/login.php" )
{
header("Location: login.php");
exit;
}

You can check the whole example in this project:

http://melmoth.dyndns.org/phpcast/phpcast.tgz

Hope this help.