theory question

General discussions related to php

Moderators: macek, egami, gesf

Post Reply
commandlinekid
New php-forum User
New php-forum User
Posts: 3
Joined: Sun Mar 19, 2017 12:41 pm

theory question

Post by commandlinekid » Sun Mar 19, 2017 12:45 pm

Can anyone help me here?

I've developed in "Everything" for over 30 years. In "2017" if you will, I mostly develop in .NET but have written little PHP (and before that Perl and html) pages for as long as they've been around.

Question: If I want to block an entire directory in .NET and then Open it up based on login, I just add a line in web.config.

BUT how do I do that in PHP?

Do I really have to lock down every single page with the "include once auth" section? And do I Really have to lock down the ability to see a directory of .jpgs I only want logged in people to see via .htaccess THEN write a script to programatically show them?

This all seems so backwards to me I have to think there could be a "real way" to do it? Thanks for the help.

chorn
php-forum Active User
php-forum Active User
Posts: 300
Joined: Fri Apr 01, 2016 2:18 am

Re: theory question

Post by chorn » Mon Mar 20, 2017 1:24 am

thats not part of PHPs realm. PHP does not provide file access, it's just a process running from a file. you can change the rights on the filesystem, e.g. chmod, or within your webserver that pipes your files through PHP, e.g. htdocs for apache.

commandlinekid
New php-forum User
New php-forum User
Posts: 3
Joined: Sun Mar 19, 2017 12:41 pm

Re: theory question

Post by commandlinekid » Mon Mar 20, 2017 5:14 am

No, not what I'm saying. There should be a way whereby PHP (like .NET does with web.config) to say "all stuff not viewable unless someone is logged in."

I don't get it. Do people really, say if they have a directory with stuff they want Only logged in people to see...have to .htaccess or chmod it closed THEN pipe the file through an opened-PHP file (outside permitted)? This seems sloppy, anti-progress, and I would be surprised if that were the case.

Anyone?

chorn
php-forum Active User
php-forum Active User
Posts: 300
Joined: Fri Apr 01, 2016 2:18 am

Re: theory question

Post by chorn » Mon Mar 20, 2017 9:03 am

as far as i can see, web.config is only some file somewhere on some windows webserver which manages user access and file permissions. thats not the realm of PHP, but of Apache. if you can edit web.config, you can also edit the .htaccess and .htpasswd files along with using chmod. if you want to do that from within PHP thats no problem.

commandlinekid
New php-forum User
New php-forum User
Posts: 3
Joined: Sun Mar 19, 2017 12:41 pm

Re: theory question

Post by commandlinekid » Mon Mar 20, 2017 9:48 am

Not sure I'm getting my question out there correctly.

What is the Best Practices way to lock down a site THEN open it up as people log in?

Meaning say I had this directory structure:

/
/images
/documents

...And I wanted the world to see "/" but ONLY logged in users to be able to access ANY FILES in /images /documents. How would I do that?

hyper
php-forum Active User
php-forum Active User
Posts: 286
Joined: Mon Feb 22, 2016 5:52 pm

Re: theory question

Post by hyper » Mon Mar 20, 2017 3:40 pm

Whilst it makes sense to you to allow only logged in users to access certain folders by using a web.config file, it is using another system:

To answer your question, you need to provide the current system that you looking to use?

Is it Linux based? - The operating system -
does it use Apache, nginx etc........? - The server software -

Flake
New php-forum User
New php-forum User
Posts: 5
Joined: Sat Mar 18, 2017 8:04 am

Re: theory question

Post by Flake » Wed Mar 22, 2017 10:12 am

Unlike ASP.NET, PHP doesn't provide a built-in login system. However, there is a very simple way to accomplish your task. Create a .htaccess file which rejects all permissions and another .htaccess one level up to that directory which provides friendly-URL resolution. In the file you set in the friendly-htaccess file, check whether the user is logged in and return a 403 if they aren't, and if they are, set the Content-type header and include the file in the friendly-URL.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests