Welcome to WebmasterWorld [webmasterworld.com]!

> I have tried with the following .htaccess file without success.

Please tell us specifically what happens, and/or what you perceive to be the problem. It may save a lot of effort wasted on irrelevant answers.

Jim

I would like to create a site where access to certain item would be controlled by user privilige. So in the same directory I would like to have the ability to allow access to a file to specific users and deny it to the others without user having to type in username and password each time.

One example would be a page with images where e.g. user1 would have access to the page but certain images would be inaccessable and thus not displayed.

With the previous code user can just login-in, but access to the files is restricted for all users.

Thanks for your quick answer,

Zana

[edited by: jdMorgan at 8:00 am (utc) on Dec. 23, 2003]
[edit reason] No URLs, please [/edit]

Try using <FilesMatch> instead of <Files>. These two directives work differently -- read the description of <Files> and note the use of the word "basename". <FilesMatch> will allow you to use regular expressions to fully-specify a particular file or group of files for each authentication group.

<FilesMatch "^(file1¦file2¦file3)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid
</FilesMatch>
 
<FilesMatch "^(file4¦file5¦file6)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid2
</FilesMatch>

Jim

Zana

SetEnvIf Remote_User "admin1" valid
SetEnvIf Remote_User "admin2" valid2

<FilesMatch "^(jpg1Šjpg4)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid
</FilesMatch>

<FilesMatch "^(jpg2Šjpg3)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid2
</FilesMatch>

[edited by: jdMorgan at 7:11 am (utc) on Dec. 23, 2003]
[edit reason] No URLs - Please see Terms of Service [/edit]

Jim

<FilesMatch "^(jpg1Šjpg4).jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid
</FilesMatch>

<FilesMatch "^(jpg2Šjpg3).jpg$">
Order Deny,Allow
Deny from all
</FilesMatch>

proceed restriction for all users .Images (jpg2Šjpg3Šjpg1Šjpg4).jpg are not seen for eather admin2 and also admin1.

Zana

I have not had a chance to test yet, but try this:

SetEnvIf Remote_User "admin1" valid
SetEnvIf Remote_User "admin2" valid2
Order Deny,Allow
<FilesMatch "^(jpg1Šjpg4)\.jpg$">
Deny from all
Allow from env=valid
</FilesMatch>
 
<FilesMatch "^(jpg2Šjpg3)\.jpg$">
Deny from all
Allow from env=valid2
</FilesMatch>

Jim

Zana

Have you found a solution to your problem?

Using Apache environment variables is a rather complicated way to redirect authenticated users. Even if you get it to work, there will be broken images, 403 errors, because you are allowing and denying access to files based on user authentication.

A simple cgi or php script can be used to authenticate the user and then send the correct page without 403 errors or broken images.

--------------------
Example cgi script
--------------------
#!/usr/bin/perl

use CGI;
$cgi = new CGI;
print $cgi->header;

# retrieve authenticated username
$remote = $cgi->remote_user;

# open authenticated userfile
open(USER, "/path/to/userfile");
@user = <USER>;
$user = @user;
foreach $user(@user) {

# split file into users and data.txt for webpage
($name,$data) = split(/\Š/, $user);

# search data file to confirm user and data.txt for webpage
# then send to sub routine, close database and exit
if ($name =~ /^$remote$/) { &success; }
}
close(USER);

sub success {
# header section for webpage
print qq~
<html>
<body bgcolor="#ffffff">
<center>~;

# retrieve users data.txt file for inclusion in webpage
open (DATA, $data);
@lines = <DATA>;
close(DATA);
print qq~
@lines

# footer section for webpage
</center>
</body>
</html>~;
}
exit;

-----------------------------------------
The above script uses a pipe delimited flatfile
for storage of users and data.txt for webpages

admin1Šadmin1.txt
admin2Šadmin2.txt
user1Šadmin1.txt

------------------------------------------
admin1.txt contains data for admin1 user

<p>Hello my name is Admin1
<p><img src="1.jpg"><img src="2.jpg">

admin2.txt contains data for admin2 user

<p>Hello my name is Admin2
<p><img src="3.jpg"><img src="4.jpg">

===========================================

php can also be used to store authenticated users in mysql or a delimited flatfile

I'm not too good at php and it would take too long for me to write a script that does the same as cgi example above but the following will return authenticated users and display them on a monitor.

<?
$remote = $_SERVER['REMOTE_USER'];
echo $remote;
?>