Do you have access to httpd.conf or conf.d, or do you have a cooperative host? This is a perfect application for the RewriteMap directive in mod_rewrire, but that requires that the Map be defined (a one-time addition) in the server configuration. Once defined, it may be accessed from per-directory .htaccess files.

An alternative is to use a script to generate each .htaccess file when a new directory/group is created -- again a one-time thing. It's easy enough to check for "directory exists" in mod_rewrite or any modern scripting language.

Jim

Thank you very much for your reply, i have been looking into rewritemap as i had never heard of it before. Yes i have access to the configuration files i'm on a dedicated server, well more accurately a managed dedicated so i can get them to edit them for me, which is probably a good thing :). Is it possible to take variables from a url within the rewritemap as i can't quite work out how to? I think i'm right in saying i could have something like:

RewriteMap varmap txt:/var/www/varmap.txt

and then use varmap within htaccess in a rewrite rule such as:

RewriteRule ^/ss/([^/]*)/?(.*) ${sessionmap:$1¦/test/}/$2

Obviously what i would want to happen is have something like (obviously in pseudo code, this clearly wouldn't work!)

RewriteMap zipnumber ^(*.)zips/download.php?download=$1

where when a url was typed in that had zips/download.php?download= inside it the variable zipnumber would be assigned to what $1 is in the above case. I could then presumably use this within my htaccess file as follows?:

AuthType Basic
AuthName "access"
AuthMYSQLhost localhost
AuthMYSQLuser user
AuthMySQLPassword pass
AuthMySQLDB db
AuthMySQLUserTable table
AuthMySQLNameField FUsername
AuthMySQLPasswordField FPassword
AuthMySQLGroupTable TSubscription
AuthMySQLGroupField FAccessSection
AuthMySQLEnable On
AuthMySQLPwEncryption none
require group $zipnumber

Or maybe i have got RewriteMap totally wrong? :) I really appreciate your help on this, it's good to learn about these things, i can imagine this being useful for other things. As you say i could have it creating each htaccess file automatically but i would prefer to do it this way as it seems much neater.

Thanks very, very much,

Dave

In your first example, there's an inconsistency between varmap being defined while sessionmap is being referenced in the RewriteRule, but other than that, I think you've grasped the basic idea. The only missing part is the text file containing the keys and output data.

Alternatively, the Map can be a cgi script (e.g. PERL) that accesses your main site-wide database to do the lookup. This is especially useful for e-commerce sites, since *all* URL and page administration can then be done using one administration tool (script).

Also "/test/" in your rule should be a default filepath or path-part for use if the map lookup fails (because it can't find an entry for the requested key). Since you pseudo-coded it as "/test/" instead of "/default/" or "/fail/", I wanted to mention that.

If you haven't heard of RewriteMap before, I strongly suggest a top-to-bottom read of Apache's mod_rewrite documents -- And a repeat read after gaining some experience (and confidence) with using mod_rewrite... It makes much more sense as you gain familiarity with it. Once you've used it for several years, the very-brief nature of the document, unladen as it is with numerous explanations and examples, becomes a positive attribute.

Jim

Yeah that was my fault i forgot to change the name of the variables to the same thing in both lines. What you say makes perfect sense, the only thing i'm not sure of is it then possible to use a cgi script (eg perl or php etc) to take the variable out of the url dynamically and use that as a variable, as it needs to be taken from the current url rather than out of a database etc?

Can i just, for example, write a php script that will extract the variable eg using a get/post on the url and some validation. Then

RewriteMap urlvar php:/var/www/getthevariable.php

within the config file then use

require group $urlvar

as the last line of my htaccess file? Or have i missed the point :)?

Thank you so much for your help, it really really is massively appreciated,

Dave

You're not going to be able to pass variables between modules like that.

I suggest you take all of the functions associated with your "user authentication" and move them into a script. Apache's basic function is to serve files in response to requests, and it is just not set up to do anything fancy at all. As such, writing directives that are processed by the Apache modules cannot be seen in any way as advanced programming or scripting -- It's all meant to be dirt simple, and accordingly, very fast.

Have a look around on the Web for log-in scripts; You should be able to find something that will work for you, which you can then modify to consider URL-variables as part of the login factors.

Jim

Thanks very much for your help, i suspected something like that might be the case. In which case (purely due to the way the login system works which is already quite complex for other areas of the site) i'm thinking the easiest thing to do would be to have a php script write the .htaccess file dynamically when it creates the directory for the zip file which would solve all the problems but just require some extra directories but allow it to be all automated. Is there any reason why this would be a problem (given it would be a static file with one variable different in each one) from a security or any other point of view?

Is there anything specific within php that i should use to output the .htaccess file or can i just output a 'text' file that i name .htaccess and store in the relevant directory?

Once again thanks so much for your help, it really is appreciated so much,

Dave

Thank you so much for your help, i just wanted to let you (and anyone else should it be of any interest) that i have written a php script that outputs the .htaccess file into an automatically created directory appending the directory name to the group require line in each case hence allowing directory/zip specific download rights control to be per user per zip file. This seems to work absolutely perfectly and unless there is some security issue that i'm not thinking of it seems to be a good solution (albeit involving slightly more directories than the one originally intended, which turned out to be impossible).

Anyway thanks again so much for your help, if you have any thoughts that this may be insecure then i'd be very interested to hear them, otherwise thanks very much again,

Dave