Preventing non-members from accessing content

Forum Moderators: phranque

Message Too Old, No Replies

Preventing non-members from accessing content

Redirecting non-members to registration page

riac

4:34 pm on Jul 22, 2004 (gmt 0)

I'm working on a site that provides a free area and a members-only area using a LAMP architecture. I'd like to have a directory /free for free content and a directory /member for content that requires members to log in. If a user enters the URL for anything under the membership directory I'd like to have them re-directed to a page that allows them to become a member.

It's simple enough for php pages in the membership area to redirect users who aren't logged in to another page. We also have content that isn't php pages, such as movies. I've been looking at mod_rewrite, but I haven't been able to come up with a solution.

I'm guessing there are standard design patterns for handling this problem, but haven't been able to find anything in my searches on the web. Any suggestions?

Thanks.

jdMorgan

2:15 pm on Jul 24, 2004 (gmt 0)

riac,

Welcome to WebmasterWorld [webmasterworld.com]!

The only thing that comes to mind here is to use cookies, which can be interrogated by mod_rewrite. If you can define "a member" in terms of how that is defined by your system, that would be helpful in getting better replies.

Jim

riac

5:59 pm on Jul 24, 2004 (gmt 0)

>>If you can define "a member" in terms of how that is defined by your system, that would be helpful

It's a public site, and people pay a fee to become a member. We have pages that allow users to create a name and password when they sign-up, and that name and password is stored in a MySQL database. Anyone accessing the site should be able to see all the content in the /free directory. Members will login to the site and we'll validate the name and password they supply. If they're a valid member, then they should be allowed access to the content in the /members directory.

From what I've been able to read it sounds like some form of http authication comes pretty close, since it allows you to secure entire directories. We'll have 1000's of members, so I'm guessing I'll need to use a database for the username and passwords.

The downside of http authtication is that the browser supplies the dialog that prompts for user name and password, and I'd prefer to use a form on a page in my site.

jdMorgan

6:12 pm on Jul 24, 2004 (gmt 0)

If you've got member data in a database, it'll be a pain to get that data into .htaccess or any server-level code. I'd suggest you use a script to control access to your member area. Pages in that area can be made to appear as static pages to users, but to really be "behind" your script by rewriting page requests to the script with the page name as a query string parameter. The script can then use the db to check membership status, and act accordingly.

The only part of this that is well-suited to Apache functions is the URL rewrite. Try a search on WebmasterWorld for "static dynamic URL rewriterule" for examples. The major piece of work here is in the authentication scripting.

Jim

riac

1:56 am on Jul 25, 2004 (gmt 0)

Thanks, Jim!

As you suggested, I've been playing with mod_rewrite and cookies and that's working for me.

There may be a few more things I'll need to tighten up, but cookies and mod_rewrite has gotten me past my major hurdle. I'll also check for "static dynamic URL rewriterule" in this forum and see if that turns up any other ideas I want to consider.