: How do I password protect a directory with a customizable login page? At the moment, I have a directory that's password protected by .htaccess and .htpasswd. The problem with this is that when
At the moment, I have a directory that's password protected by .htaccess and .htpasswd. The problem with this is that when a visitor comes to my site, they get an ugly inbuilt Secure Area message rather than going through a friendlier-looking login page.
The only other way I know to password protect online is using PHP files that redirect if the user doesn't have a login cookie, but the problem with this is that although it protects pages of the site, it doesn't protect other site content (such as image and PDF files).
How can I make sure that all files within a directory are protected by a login while still presenting that login in a user-friendly way?
More posts by @Pope3001725
1 Comments
Sorted by latest first Latest Oldest Best
You need to deny access to the files by the webserver - there's 3 ways to do this: move the files outside the document root, tell the webserver not to allow access to the files in the directory tree where your content resides or (if you're running PHP as a different uid than the webserver) change the permissions so only PHP can read them. Then you need to route all requests for the content via a PHP script which verifies the authenticated session of the user before serving the content. It's not rocket science.
It's made a bit simpler if you implement the PHP proxy script as the 404 handler.
The problem is that performance/capacity/throughput will be poor.
There are different things you can do to tweak the security / performance - but it depends on how much security / performance you need.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.