Mobile app version of vmapp.org
Login or Join
Pope3001725

: How do I password protect a directory with a customizable login page? At the moment, I have a directory that's password protected by .htaccess and .htpasswd. The problem with this is that when

@Pope3001725

Posted in: #Authentication

At the moment, I have a directory that's password protected by .htaccess and .htpasswd. The problem with this is that when a visitor comes to my site, they get an ugly inbuilt Secure Area message rather than going through a friendlier-looking login page.

The only other way I know to password protect online is using PHP files that redirect if the user doesn't have a login cookie, but the problem with this is that although it protects pages of the site, it doesn't protect other site content (such as image and PDF files).

How can I make sure that all files within a directory are protected by a login while still presenting that login in a user-friendly way?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Pope3001725

1 Comments

Sorted by latest first Latest Oldest Best

 

@Miguel251

You need to deny access to the files by the webserver - there's 3 ways to do this: move the files outside the document root, tell the webserver not to allow access to the files in the directory tree where your content resides or (if you're running PHP as a different uid than the webserver) change the permissions so only PHP can read them. Then you need to route all requests for the content via a PHP script which verifies the authenticated session of the user before serving the content. It's not rocket science.

It's made a bit simpler if you implement the PHP proxy script as the 404 handler.

The problem is that performance/capacity/throughput will be poor.

There are different things you can do to tweak the security / performance - but it depends on how much security / performance you need.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme