file-specific user authentication?

Forum Moderators: phranque

Message Too Old, No Replies

file-specific user authentication?

willg825

3:47 am on Feb 10, 2004 (gmt 0)

Question for people out there: I have htaccess/etc all set up in apache, and it works. This is what I need to do:

Someone browses to site, and clicks on "log in" link. Log-in link refers to a /private/ directory that requires a password. There are 10 different files in this directory; depending on the username (and password) that the user enters, a different file should show up. That is, there are 10 files, and 10 users - and each user should be able to click on the same log-in button, but depending on their username, get referred to the appropriate file.

All the files arein /private/ (as is htaccess/htpasswd, etc) - but that can be changed if there is a way to do it.

How can I do this using apache's authentication? Will I have to use something else, like php, to make this happen? Also, is there a resource that describes this process? (ive been looking for a while now and cant find anything)

-will

bakedjake

4:32 am on Feb 10, 2004 (gmt 0)

How can I do this using apache's authentication?

It's ugly. You'd have to do manual entries for EVERY file. It's probably easier to:

use something else

Yes, a simple script can be written to do this.

What would I do? Make a flat file that takes this format:

user,pass,filename

Then, your script simply asks for a login, then reads the file. If a user/pass matches, then serve the filename (transparently, via the script).

Easy. Maybe 15-30 minutes of programming time.

dcrombie

12:55 pm on Feb 10, 2004 (gmt 0)

I would do it with PHP myself but there might be an alternative using .htaccess and mod_rewrite.

You could test %{REMOTE_USER} with a RewriteCond to display a different page for each user.

Then place each file in it's own directory with a different user required in the .htaccess file:

eg. require user user1

The .htpasswd file can be shared and contain all the passwords, with the /private directory using "require valid-user" (allows all users in password file).

Does that make any sense?

willg825

3:47 pm on Feb 10, 2004 (gmt 0)

yeah - that definitely makes sense.

Late last night I figured a way to do it. Its not exact, but it works. Essentially, I have 10 different directories for each client, so when they log in, the only one they can see is theirs. So there is one log-in screen, and depending on their username, they can only see their one directory in the dir listing... they click on it and in their directory is their file.

i'm going to try and write a php script to link the username with a file, since all this httpd.conf stuff is getting messy, but for now it works

thanks for all your help - I appreciate it.

-will

Gorufu

1:08 pm on Feb 11, 2004 (gmt 0)

I use Apache authentication to send users to specific files and directories and find it really easy.

The following perl script should do the trick in conjuction with a flat file.

-----------------------------------
#!/usr/bin/perl

use CGI;
$cgi = new CGI;
$remote = $cgi->remote_user;

open(USERS, "/path/to/Users");
@line = <USERS>;
$line = @line;
foreach $line(@line) {
($user,$file) = split(/\�/, $line);
if ($user =~ /^$remote$/) { print "Location: $file\n\n"; }
}
close(USERS);
exit;
------------------------------------

Example pipe delimited flat file to different files in same directory for each user.

----------------
user1�user1.htm
user2�user2.htm
user3�user3.htm
----------------

You may need to add the full or relative path in the flat file if the script is run in a different location to the user files.

------------------------
user1�/dir/001/user1.htm
user2�/dir/002/user2.htm
------------------------