.htaccess and php login

bypass apache login for php login

         

squid44th

7:12 pm on Feb 25, 2008 (gmt 0)

10+ Year Member



First off, I have read and reread many, many articles on this subject, but have found none that seem to work. I know it can be done because I have seen it in action. Using mod_rewrite.

What I would like is to have a protected directory which is protected by a php login script which checks a database for access by the user via username/password. But it also has to show the login screen if the user bookmarks any page in the directory. And as a bonus, have .jpg and .gif files not be downloaded even with a page save as.

So far I have tried variations of...


Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.*)/.*$ - [L]
RewriteRule! .+jpg¦gif¦bmp¦css) /hard/path/to/the/login/file/secure.php

and

AddHandler mywrapper .html
Action mywrapper /hard/path/to/the/login/file/secure.php

Nothing seems to work and with my simple knowledge of .htaccess and mod_rewrite it has proved to be confusing beyond my comprehension.

I have downloaded/read/printed enough articles and Apache manuals to fill a 2" binder. I guess what I am asking for, of course, is the solution, but also a short explanation as to what each line does.

I know it's a lot to ask, but I don't have the weeks/months it will take to learn this. Although I am going to spend the time to look over everything I have, but just not for this project.

Can someone please help...

jdMorgan

9:38 pm on Feb 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Correcting a syntax problem and adopting a more flexible way of excluding subdirectories:

# Exclude subdirectories from this rewrite
RewriteCond %{REQUEST_URI} !^/[^/]*/
# Rewrite all but image and css requests to login script
RewriteRule !\.(jpg¦gif¦bmp¦css) /hard/path/to/the/login/file/secure.php [L]

Replace the broken pipe "¦" characters with solid pipes before use; posting on this forum modifies the pipe characters.

I assume that the login script is not located in the same directory as the pages to be rewritten. If it is, then its URL-path will need to be explicitly excluded from this rewrite as well, in order to prevent a loop.

Jim
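
The rule and condition above can be checked against sample URLs before deployment. The following is an added example, not part of the original post: a small Python model of the two directives with solid pipes restored, assuming the .htaccess file sits in the document root and using constructed request paths; the function names are hypothetical.

```python
import re

# Model of the two directives in the post above, with solid pipes restored.
# Assumption: the .htaccess file sits in the document root, so the
# RewriteRule pattern sees the URL-path without its leading slash, while
# %{REQUEST_URI} keeps it.
COND = re.compile(r"^/[^/]*/")               # RewriteCond ... !^/[^/]*/
RULE = re.compile(r"\.(jpg|gif|bmp|css)")    # RewriteRule !\.(jpg|gif|bmp|css)
LOGIN = "/hard/path/to/the/login/file/secure.php"


def evaluate(request_uri, login=LOGIN):
    """Return (action, detail) for one request under the modelled rules."""
    if COND.search(request_uri):
        return ("pass", "subdirectory request, excluded by RewriteCond")
    if RULE.search(request_uri.lstrip("/")):
        return ("pass", "image/css extension, excluded by RewriteRule")
    return ("rewrite", login)


def loops(login):
    """True if the login script's own URL-path would be rewritten again."""
    return evaluate(login, login)[0] == "rewrite"


# Constructed sample requests, not taken from any real log.
SAMPLES = ["/index.html", "/members.php", "/logo.jpg", "/style.css",
           "/reports/2008.html", "/reports/chart.gif"]

if __name__ == "__main__":
    for uri in SAMPLES:
        action, detail = evaluate(uri)
        print(f"{uri:22} {action:8} {detail}")
    print("login in another directory loops:", loops(LOGIN))
    print("login in same directory loops:   ", loops("/secure.php"))
```

Requests reported as `pass` never reach secure.php in this model, so they are served without the login check; a login script at `/secure.php` in the same directory matches the rule itself, which is the loop case the post says must be excluded.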

squid44th

10:39 pm on Feb 25, 2008 (gmt 0)

10+ Year Member



I may have misled with my description. Login script will always be at ../admin/php/secure.php from any directory needing protection.

What happens in the login script (displays the secure.php file) is that when it verifies the u/p, it will seek out the proper header(location) from the database and redirect them to that directory's index page with session variables populated. Where it should pass thru the .htaccess right to the index page, because it has session variables.

^^^ that's if they login through my login form.

If they bookmark the location, the .htaccess will call the secure.php file which will display my login form, upon input, it will check the data and pass them to the index of that directory.

If not verified, it will display the login script again.

****************

The prevention of downloading should carry into all subdirectories. I want the only way to upload or download to be by ftp.

Hopefully that is more clear, btw, I the clarification was mainly for me.?

Now, with %(Request_URI) in there, does that mean /path/to/directory/ and would I really need it if it is already in that directory? And why did the [L] move to the end of the file?

One other question, once it goes through the secure.php file and is redirected to the .htaccess, how does it know that the session variables are present and let it by? Does there need to be a line of code saying that if the session is a certain value let it in?

Thanks again for the reply jd, it is starting to make more sense as I go along. And I just realized I posted this question twice, sorry. The other one didn't show up in a search but I didn't click on my posts.