setenvif remote_user

     
10:20 pm on Dec 22, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:5
votes: 0


Hello,
I would like to restrict access to individual files in the same directory based on the user. I have tried with the following .htaccess file without success. Any suggestions?

Zana

AuthName 'My Protected Area'
AuthType Basic
AuthUserFile /home/var/etc/.htpasswd

<Files "index.php">
require user admin1
require user admin2
</Files>

SetEnvIf Remote_User "admin1" valid
SetEnvIf Remote_User "admin2" valid2

<Files "jpg1.jpg">
order deny,allow
deny from all
allow from env=valid
</Files>

<Files "jpg2.jpg">
order deny,allow
deny from all
allow from env=valid2
</Files>

12:26 am on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Zana,

Welcome to WebmasterWorld [webmasterworld.com]!

> I have tried with the following .htaccess file without success.

Please tell us specifically what happens, and/or what you perceive to be the problem. It may save a lot of effort wasted on irrelevant answers.

Jim

6:23 am on Dec 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:5
votes: 0


Hello

I would like to create a site where access to certain items would be controlled by user privilege. So in the same directory I would like to have the ability to allow access to a file to specific users and deny it to the others without the user having to type in a username and password each time.

One example would be a page with images where e.g. user1 would have access to the page but certain images would be inaccessible and thus not displayed.

With the previous code the user can just log in, but access to the files is restricted for all users.

Thanks for your quick answer,

Zana

6:36 am on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Zana,

Try using <FilesMatch> instead of <Files>. These two directives work differently -- read the description of <Files> and note the use of the word "basename". <FilesMatch> will allow you to use regular expressions to fully-specify a particular file or group of files for each authentication group.


<FilesMatch "^(file1¦file2¦file3)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid
</FilesMatch>

<FilesMatch "^(file4¦file5¦file6)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid2
</FilesMatch>

You must replace the broken pipe "¦" characters in the example above with solid pipe characters -- usually SHIFT-\ on your keyboard.

Jim

6:47 am on Dec 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:5
votes: 0


I tried with your code, but the image (jpg) files are not restricted for users.

Zana

SetEnvIf Remote_User "admin1" valid
SetEnvIf Remote_User "admin2" valid2

<FilesMatch "^(jpg1|jpg4)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid
</FilesMatch>

<FilesMatch "^(jpg2|jpg3)\.jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid2
</FilesMatch>

7:15 am on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


I don't see anything wrong with the code. If no-one else spots anything, I will try to test it myself when I get some time to do so.

Jim

7:20 am on Dec 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:5
votes: 0


Code :

<FilesMatch "^(jpg1|jpg4).jpg$">
Order Deny,Allow
Deny from all
Allow from env=valid
</FilesMatch>

<FilesMatch "^(jpg2|jpg3).jpg$">
Order Deny,Allow
Deny from all
</FilesMatch>

results in restriction for all users. Images (jpg2|jpg3|jpg1|jpg4).jpg are not seen by either admin2 or admin1.

Zana

5:39 pm on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Zana,

I have not had a chance to test yet, but try this:


SetEnvIf Remote_User "admin1" valid
SetEnvIf Remote_User "admin2" valid2
Order Deny,Allow

<FilesMatch "^(jpg1|jpg4)\.jpg$">
Deny from all
Allow from env=valid
</FilesMatch>

<FilesMatch "^(jpg2|jpg3)\.jpg$">
Deny from all
Allow from env=valid2
</FilesMatch>


I remember an old thread where, as I recall, it was discovered that Apache did not properly handle multiple "Order" directives in .htaccess <Files> or <FilesMatch> sections.

Jim

6:27 pm on Dec 23, 2003 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2003
posts:5
votes: 0


Thanks Jim. Do you have any suggestions how to solve this problem?

Zana

3:49 am on Dec 28, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 16, 2000
posts:122
votes: 0


Zana,

Have you found a solution to your problem?

Using Apache environment variables is a rather complicated way to redirect authenticated users. Even if you get it to work, there will be broken images, 403 errors, because you are allowing and denying access to files based on user authentication.

A simple cgi or php script can be used to authenticate the user and then send the correct page without 403 errors or broken images.

--------------------
Example cgi script
--------------------
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

my $cgi = CGI->new;
print $cgi->header;

# retrieve authenticated username (set by the server after Basic auth)
my $remote = $cgi->remote_user;
defined $remote or exit;

# open authenticated userfile (pipe-delimited: username|datafile)
open(my $users, '<', '/path/to/userfile') or die "Cannot open userfile: $!";
while (my $line = <$users>) {
    chomp $line;

    # split record into user name and data.txt for webpage
    my ($name, $data) = split(/\|/, $line, 2);
    next unless defined $data;

    # exact string comparison (not a regex) to confirm user and data.txt,
    # then send to subroutine and stop searching
    if ($name eq $remote) { success($data); last; }
}
close($users);

sub success {
    my ($data) = @_;

    # retrieve user's data.txt file for inclusion in webpage
    # (3-argument open: the name is never treated as a pipe or open mode)
    open(my $fh, '<', $data) or die "Cannot open $data: $!";
    my @lines = <$fh>;
    close($fh);

    # header section for webpage
    print qq~
<html>
<body bgcolor="#ffffff">
<center>~;

    print @lines;

    # footer section for webpage
    print qq~
</center>
</body>
</html>~;
}
exit;

-----------------------------------------
The above script uses a pipe delimited flatfile
for storage of users and data.txt for webpages

admin1|admin1.txt
admin2|admin2.txt
user1|admin1.txt

------------------------------------------
admin1.txt contains data for admin1 user

<p>Hello my name is Admin1
<p><img src="1.jpg"><img src="2.jpg">

admin2.txt contains data for admin2 user

<p>Hello my name is Admin2
<p><img src="3.jpg"><img src="4.jpg">

===========================================

php can also be used to store authenticated users in mysql or a delimited flatfile

I'm not too good at php and it would take too long for me to write a script that does the same as cgi example above but the following will return authenticated users and display them on a monitor.

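<?php
// REMOTE_USER is set by the web server after HTTP authentication succeeds
$remote = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
// escape before output so the name is always rendered as text
echo htmlspecialchars($remote, ENT_QUOTES, 'UTF-8');
?>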
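
Added example, not part of any post in this thread and not tested by the posters: Apache evaluates SetEnvIf and the Order/Deny/Allow host-access check before Basic authentication runs, so Remote_User is not yet set when those directives are processed. The per-file restriction can instead be expressed with Require inside each file section; the usernames and file names are the ones used in the thread, and the directory-wide `Require valid-user` default is an assumption.

```apache
# Added example: per-file user restriction enforced by the authentication
# and authorization phase itself, instead of SetEnvIf + "Allow from env=".
AuthName "My Protected Area"
AuthType Basic
AuthUserFile /home/var/etc/.htpasswd

# Assumed default for everything else in this directory:
# any user present in the password file.
Require valid-user

# The page itself: both admins may load it.
<Files "index.php">
    Require user admin1 admin2
</Files>

# Images only admin1 may fetch. The check uses the username that
# Basic auth has just verified, so no environment variable is needed.
<FilesMatch "^(jpg1|jpg4)\.jpg$">
    Require user admin1
</FilesMatch>

# Images only admin2 may fetch.
<FilesMatch "^(jpg2|jpg3)\.jpg$">
    Require user admin2
</FilesMatch>
```

A logged-in user who is not listed for a file receives a 401 for that file, so the browser may prompt for credentials again when a page references an image that user may not fetch.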