I have set up my form, my database, and my login.php. I am not sure where to put the code for each particular client's redirect. Does it go in my database, or in my login.php?
thanks for any suggestions,
j.
This would work like:
Login to /restricted_area --> default page index.php is accessed --> index.php decides where user is taken based on $REMOTE_USER (their username).
I like this solution because it gives good security for very little effort.
If you don't want to use .htaccess/.htpasswd you can still do more or less the same. Just submit the login form to a php file that decides to which URL the user is taken based on his/her username.
So, either you put some code in your login.php like this (pseudocode):
URL Redirect to mysite.com/username
Or, create a random string that is the name of their directory and store it in the DB along with the username, and (pseudocode):
URL Redirect to mysite.com/user-random-string-which-is-also-their-directory
Either way, remember that anybody knowing the directory name can access the subdirectory if they know the directory name. So, you need to include in each file called from the directory a bit of code that checks to see if the user is logged in. Or, you set up .htaccess security for each directory on the server side. (This can be a pain in the b**t if you have lots of users, want an automated signup procedure, etc.)
Yes, this is something that I would like but I'm having difficulty understanding how to do this. How is this shown in my .php file?
"Either way, remember that anybody knowing the directory name can access the subdirectory if they know the directory name"
I think this is not true when you let users log in at /clientlogin/ and forward them to /clientlogin/$username, as the .htaccess and .htpasswd files in /clientlogin/ will protect subdirectories too, right? Or am I wrong?
Creating a login like this is actually quite simple.
Simply create the directory you want to protect, upload a .htaccess and .htpasswd file to that directory.
The .htaccess file could look like this:
AuthUserFile /usr/local/psa/home/vhosts/yourdomain/htdocs/yoursecretdirectory/.htpasswd
AuthType Basic
AuthName PasswordProtectedArea
require valid-user
AuthUserFile is the server path to your .htpasswd file. You can usually find the server path in your host's FAQ.
The .htpasswd contains each user on a separate line.
Like this:
username:password
The password should be encrypted. You can get your password encrypted in a lot of places on the web. Search for "password encryptor". So, one line of your .htaccess file just looks like username:alotofbogus
username:kEFOJmmoWOFjmDlSlk
Right. So far for the login part. Once your users are authenticated they will be automatically taken to index.php. Create your index.php and just use "echo" to write an HTML document with a meta-refresh tag to /clientlogin/$REMOTE_USER.
You should create the /clientlogin/$REMOTE_USER dirs beforehand. You could let PHP write it if it is not yet there, but I think this should get you started.
- Doing it this way means I don't need to use an mySQL database, right?
- I've already created my html file containing my login form. How do I call that?
- In my .php file would I just use the header location: /clientlogin/$REMOTE_USER to send the user to the right place?
Thanks again for your help!
Also the header needs some php style:
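<?php
// After HTTP Basic auth succeeds, send the browser to the user's own directory after 3 seconds.
header('Refresh: 3; url=/' . rawurlencode($_SERVER['PHP_AUTH_USER']) . '/index.php');
?>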
Where / is the DocumentRoot of the host you are accessing and 3 is the number of seconds.
Could anybody put here a link about the secure mysql-php method for login and storing the encrypted passwords?
Thanks.
Why isn't it inserting my username between the two slashes?
I have developed a basic authentication system using sessions and mysql database. How can I implement a facility to ensure that someuserA can only access the files in www.somesite.com/someuserA while someuserB can only access files in www.somesite.com/someuserB?
Thank you!
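The per-file login check mentioned earlier in the thread, and the per-user directory restriction asked about in the last post, could look like the guard script below. This is an added example, not code from any poster; the guard.php name, the /clients/ prefix and the $_SESSION['username'] key are assumptions.

```php
<?php
// guard.php: added example (hypothetical file name). Include it at the top of every
// script under /clients/<username>/. Assumes login.php stored the authenticated
// username in $_SESSION['username']; the /clients/ URL prefix is also an assumption.
declare(strict_types=1);

const CLIENT_BASE = '/clients/';

/** Client directory a request path points into, or null if outside or malformed. */
function client_dir_from_path(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || strncmp($path, CLIENT_BASE, strlen(CLIENT_BASE)) !== 0) {
        return null;
    }
    $segment = rawurldecode(explode('/', substr($path, strlen(CLIENT_BASE)), 2)[0]);
    // Allow-list rejects '', '.', '..', encoded slashes and NUL bytes.
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $segment) === 1 ? $segment : null;
}

/** True only when the logged-in user owns the directory being requested. */
function may_access(?string $sessionUser, string $requestUri): bool
{
    $dir = client_dir_from_path($requestUri);
    return $sessionUser !== null && $dir !== null && $dir === $sessionUser;
}

function enforce_client_access(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $user = $_SESSION['username'] ?? null;
    if (!is_string($user)) {
        header('Location: /login.php', true, 302);   // not logged in at all
        exit;
    }
    if (!may_access($user, $_SERVER['REQUEST_URI'] ?? '')) {
        http_response_code(403);                     // logged in, but not the owner
        exit('Forbidden');
    }
}

enforce_client_access();
```

The guard only runs for PHP scripts that include it. Static files (PDFs, images) in the same directory are served by the web server without passing through PHP, so they need to be delivered by a script that performs the same check or be stored outside the document root.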