going about this

Which part? How to generate the pdf files, or how to set up access control? The one thing I can say for 100% rock-solid certain is that HTML alone is not the way to do it. (This is the HTML subforum.)

Who are your members? Chess players, barbershop quartets, jockeys? n/m, not directly relevant, but what is relevant is
#1 whether your members will normally be accessing the site from their own computers (meaning that information could potentially be stored in secure cookies), or might they be logging in from anywhere?
#2 how many members you anticipate having in the future. With a ceiling of 150 you can do a fair amount by hand, but if you're looking at growing into thousands of accounts you'll need to get more automated.

Do you prefer a server-side solution (htpasswd, or IIS equivalent, where some parts of the site are unconditionally off limits) or something at the user's end involving typing in a username and password?

How secure does it need to be? It's one thing to restrict access to chess ratings; it's quite another to restrict access to a bank account.

Hi ..

The pdf bit is childs play that was just used as a bit of an indication to the type of documents that will be involved .

We are a car club in the west midlands we have a good number of members that compete on a good range of events rally race sprint go kart ect ect , We post an overall championship standing and an individual listing but would like to be able to set a restricted access area or file for each competitor ie fred bloggs has a file that no one else can read cus he has logged in as fred bloggs using membership number and a password but then joey soap would also need the same but for a different file or directory ..

Hope this gives a bit more of an idea i was unshure of the ability of .htaccess to be able to do this ..

Thanks Pete

It isn't an htaccess issue. You'll need htpasswd [httpd.apache.org] for authentication and authorization [httpd.apache.org] * if that's the route you wanted to take.

Yes, I figured out after posting that the "pdf" part referred to what the member sees. I first misread it as the method you want to use for sending each member their initial password.

:: wandering off to see if this question can be shifted to the Apache subforum ::


* The links don't mean we're going to abandon you. They're just for my own future reference.

Hi ..

Thanks for the reply

I was unsure reading the htaccess htpasswd stuff that i could define joe soap sees his docs only and not the entire tree i may be getting confused .

If it can be done via htaccess htpasswd then all the better for me

Pete .

Mm, yeah, I see your point. htpasswd is more about giving a pool of users access to the same directory.

Now, you could make a separate subdirectory for each user, with a separate password for each. Set it up with a "Satisfy Any" directive (exact wording will depend on Apache version) so each directory can be accessed by two people: its individual owner, and yourself. Seems a bit overkill, though.

Or you could make it a two-stage process: the username-plus-password combination is what gets you into the directory in the first place. Once there, the username is used to generate the filename of the individual pdfs, like www.example.com/scores/your-name-here.pdf

That goes back to the levels-of-security issue, though. Does it matter if Joe Green could hypothetically ask for and see Bill Door's exact rankings, if he happens to know Bill's username? Depending on the nature of the organization, it may or may not matter. (For example, you can look up anyone's USCF rating. Nothing confidential about it. But I can't look up my neighbor's credit report.)

Hi Lucky24

I think i may well be going for the separate sub dir for each user route , It will keep the doubters at the club happy ( some of them drive me nuts not entering results then giving ME hasle because they did not do their bit Grrrrrrrrrrrrrrrr )

Pete

Hi

I think i am getting there slowly what i can not find so far is how do i associate a user password combination with a specific document or directory .

Thanks Pete

You have to put the htpasswd file in the directory it pertains to. If each user has their own, that means subdirectories, each with their own htpasswd. You could make it easier on yourself by duplicating some element, for example making the username the same as the subdirectory name. (But only because this isn't banking information, personal medical records or something similarly sensitive.)

htpasswd is not the only way to achieve the intended result. But it is pretty straightforward, so long as you don't need it to be dynamic. htpasswd isn't the ideal route if you want users to be able to add new accounts (this doesn't seem to be the case), or to change their own passwords at will.

Ah right that's the bit i failing to see thanks .. no i dont want them to be able to change anything just read the page .

Soon know if it works Jan 02 2015 first results of the new year will be in ..

Pete .