Professional Web Applications Themes

password-protection - PHP Development

Something just occurred to me... <yeah, I know, it scared me too> I just password-protected a website by including a password authentication script in each page of a private section. The script checks the login against the mySQL database. This type of protection will only affect the .php pages, won't it? The images that are contained in the pages are not protected, as they would be if I had a .htaccess file on the parent directory..? This method will not protect me from people hot-linking images from my directory and calling them directly, will it? What is the "best" way ...

  1. #1

    Default password-protection

    Something just occurred to me... <yeah, I know, it scared me too> I just
    password-protected a website by including a password authentication script
    in each page of a private section. The script checks the login against the
    mySQL database. This type of protection will only affect the .php pages,
    won't it? The images that are contained in the pages are not protected, as
    they would be if I had a .htaccess file on the parent directory..? This
    method will not protect me from people hot-linking images from my directory
    and calling them directly, will it? What is the "best" way of protecting
    the entire directory, both pages AND images?

    Thanx,
    Wm



    Wm Guest

  2. #2

    Default Re: password-protection


    > This type of protection will only affect the .php pages,
    > won't it? The images that are contained in the pages are not protected,
    as
    > they would be if I had a .htaccess file on the parent directory..?
    You're right. Use .htaccess.


    Leoniss - Leo B. Guest

  3. #3

    Default Re: password-protection

    > Something just occurred to me... <yeah, I know, it scared me too>
    > I just password-protected a website by including a password
    > authentication script in each page of a private section. The
    > script checks the login against the mySQL database. This type of
    > protection will only affect the .php pages, won't it?
    Indeed.
    > The images that are contained in the pages are not protected, as
    > they would be if I had a .htaccess file on the parent
    > directory..? This method will not protect me from people
    > hot-linking images from my directory and calling them directly,
    > will it? What is the "best" way of protecting the entire
    > directory, both pages AND images?
    Probably an .htaccess file.


    --
    SeeSchloß - [url]http://www.seeschloss.net[/url]

    SeeSchloss Guest

  4. #4

    Default Re: password-protection


    "Wm" <LAshooterhotmail.com> wrote in message
    news:xNEeb.5295304$mA4.751974news.easynews.com...
    > Something just occurred to me... <yeah, I know, it scared me too> I just
    > password-protected a website by including a password authentication script
    > in each page of a private section. The script checks the login against the
    > mySQL database. This type of protection will only affect the .php pages,
    > won't it? The images that are contained in the pages are not protected,
    as
    > they would be if I had a .htaccess file on the parent directory..? This
    > method will not protect me from people hot-linking images from my
    directory
    > and calling them directly, will it? What is the "best" way of protecting
    > the entire directory, both pages AND images?
    >
    > Thanx,
    > Wm
    >
    I totally agree that .htaccess is the right way to go. However, if that is
    not available to you or you have other reasons not to use it, a method I
    have used to protect HTML and other downloadable files (e.g., a Word
    Doent) is to store the sensitive material in a directory that is not
    accessible to web browsers. Under Apache, anything on the same directory
    level as /htdocs will work, such as /etc or /cgi-bin. Then your protected
    PHP script (which can reach into other directories besides the
    web-accessible ones) obtains the doent and makes it available to the
    user, either immediately through the fpassthru() or readfile() functions
    (for text and HTML files), or by setting up a download action via header()
    statements to send binary files. Look up help topics in "file download" on
    PHP websites for more info.

    Note that the latter technique can be directly applied to images on your
    page if you write a PHP script that grabs the desired image and sends it to
    stdout, setting the appropriate header() elements to let the browser know
    that an image is "on the way". Then you use the image tag in your original
    php/html file to point to this "image script" file in the "src=" attribute,
    e.g.,

    <img src="get_my_image.php?image_id=4">

    Since the <img> tag lives within your protected php file, and your image
    file (whatever corresponds to image_id=4) resides outside the web directory,
    this will only provide the image to someone with access to your original
    page.

    Douglas Abernathy


    Douglas Abernathy Guest

Similar Threads

  1. How to add a password protection to PDF?
    By Roberto in forum Adobe Acrobat SDK
    Replies: 0
    Last Post: December 19th, 10:46 AM
  2. Password Protection
    By zuhaimi zainal abidin in forum Macromedia Contribute Connection Administrtion
    Replies: 15
    Last Post: June 7th, 10:57 PM
  3. Password protection with XML
    By sneakyimp webforumsuser@macromedia.com in forum Macromedia Flash Actionscript
    Replies: 0
    Last Post: January 29th, 02:15 AM
  4. php password protection
    By Boris in forum PHP Development
    Replies: 2
    Last Post: November 17th, 12:47 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139