homepage Welcome to WebmasterWorld Guest from 107.21.135.68
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
.htaccess question ?
Can I do this ? And how?
kidd




msg:914449
 3:09 pm on Jul 21, 2002 (gmt 0)

Im wondering if someone could help me out with this.

On my site I have three protected directories each one for a different kind of suscription(3, 6 and 12 months). And I want to create a new forum that can be accesed by any member.

The problem is that the forum is in another folder and I have no idea of how to let members access it from their current directory with the same password and without asking them to enter it again.

Maybe I can solve this with an http-referrer or with a redirection...

Thanks in adavnced for your help...

 

toadhall




msg:914450
 6:43 am on Jul 22, 2002 (gmt 0)

Hi kidd,

Welcome to the board.

I shy away from http-referrer as it can be "shut off" in some browsers and security suites, and I think reusing the password from .htaccess is too convoluted, if possible at all.

Perhaps you could link from each protected directory via a form, sending a "hidden" name/value pair to test for in a conditional statement (if name equals value) on the index page of the forum folder.

Using the post method in the form will keep the name/value pair from appearing in the url.

A unique name/value pair for each protected directory could be used to track access to the forum.

kidd




msg:914451
 1:21 pm on Jul 22, 2002 (gmt 0)

Hi...

That is a great idea and it never ocurred to me to go that way. And I tried it out this morning and it works like a CHARM...

Thank you very much for your answer...

best of luck
uriel

bird




msg:914452
 4:25 pm on Jul 22, 2002 (gmt 0)

If you don't have very high security requirements (eg. you just want to keep out casual surfers), then the proposed solution is probably the simplest. However, anyone who gets hold of one of those name/value pairs will be able to access your forum as well, at any time. While they won't be visible in the URL, they can be grabbed from a cached copy of the previous page very easily.

Unfortunately, I can't think of a .htaccess based solution either. If you want to improve on security, then another way would be using cookies, which is probably most elegant and secure. In either case you might want to include more information in your tokens, such as a timestamp that makes them expire after a while, or other user specific data.

toadhall




msg:914453
 1:42 am on Jul 23, 2002 (gmt 0)

> can be grabbed from a cached copy of the previous page very easily.

Granted, it's a low security solution.

This no-cache header will take care of most cache problems:

header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-store, no-cache, must-revalidate");
header ("Cache-Control: post-check=0, pre-check=0", false);
header ("Pragma: no-cache");

...must be at the top of the page. This is for use in php, but can be modified for perl or asp. The "guts" are the same; the function may be different.

kidd




msg:914454
 1:19 pm on Jul 23, 2002 (gmt 0)

I was thinkin also of sticking a couple of cookies in my forum and I think its a good idea the headers for keeping the page from being stored in the cache...

Ill be adding them this afternoon...

Thanks very much all for your replies...

best of luck to you....

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved