NYCPHP Meetup

NYPHP.org

[nycphp-talk] .htaccess user manager for PHP (similar to Auth Pro by cgi-city.com); mod_rewrite + PHP

Rolan Yang rolanyang at gmail.com
Fri Dec 10 14:46:34 EST 2004


If you want to use mysql, you might want to look into the
mod_auth_mysql for apache. That may be a cleaner approach instead of
having your scripts create the .htpasswd and .htaccess files.

ftp://ftp.kcilink.com/pub/

~Rolan


On Fri, 10 Dec 2004 14:19:15 -0500, Jayesh Sheth
<jayeshsh at ceruleansky.com> wrote:
> Hello all,
> 
> I was wondering if any of you knew of a PHP-script (either open source
> or commercially-licensed) that helps one do the following:
> - Password protect all files or select files in a directory using
> .htaccess files
> - The information in the .htaccess files will be written when the user
> selects the files (or directories) to be password protected, and then
> adds a username and password that correspond to those protected resources
> - Some user info, such as last login date and time and email will be
> stored in a MySQL database
> - When  the administrator adds a new user (thus allowing the new user to
> access a specific directory or set of files), that user's info is stored
> in the MySQL database and the username and password info is also written
> to a .htaccess file. (In this case the admin either chooses a new
> password for the user, or one is randomly created by the system.)
> - At this time, the user is also emailed with a note saying something
> like: "John has added you as a member. Your username is john at aol.com,
> your password is 4rgf567u. Log-in at http://www.somewebsite.com "
> - An access log should be available, showing who logged in last and when
> - Users should be able to add short notes to a guestbook that is visible
> to other users
> 
> This system should also be able to work with an existing website that is
> full of static .html files. The reason .htaccess seems the best tool for
> this job is that the potential client already has a boat-load of static
> content that is to be protected.
> 
> Finally, since the potential client is on a tight budget, the only
> option seems to be to buy a PHP script that does all of this and
> customize the script as necessary for the client. This will take much
> less time than writing it from scratch, and thus fit into this person's
> budget. I don't might writing this from scratch (in which case I would
> use the htaccess class from pear.php.net ) - but the thing is writing it
> from scratch takes longer than just installing and customizing an
> existing script.
> 
> I came across the following product from cgi-city.com:
> 
> http://www.cgi-city.com/authpro/demo.shtml
> 
> It is written in Perl, though, which is a bit denser than PHP, and a bit
> harder to work with (my opinion only).
> Additionally, it is simply TOO feature rich, and the potential client
> will likely not have a clue as to how to use it.
> 
> Does anyone have any suggestions on how to proceed, or can anyone
> suggest an appropriate third-party script?
> I searched sourceforge for "htaccess" and came up with a few things, but
> I am not sure those scripts are good or easily customizable. If it is a
> commercial script, I could only use it if the source code is not encoded
> (i.e. is modifyable, even if I am not allowed to redistribute it.)
> 
> Another easier idea occured to me, but it involved mod_rewrite. I have
> not used mod_rewrite before, but I have read about it. If anyone can
> help me with the following mod_rewrite rule, I would be most grateful.
> 
> Here's the idea:
> - Suppose the client's website is www.abc123.com
> - The client has files such as www.abc123.com/one.html and
> www.abc123.com/two.html that need to be password protected
> - All current .html files are moved from the root web directory to a
> sub-directory called "protected". This directory is protected by a
> single set of  .htaccess username and password that is only available to
> the administrator
> - The administrator logs into the control panel and whitelists all file
> or selected files from the "protected" directory to be
> processed/included later (by mod_rewrite and a PHP script). This
> whitelist info is stored in a MySQL table
> - A mod_rewrite rule is written to say the following: all .html files
> accessed from www.abc123.com are rerouted to the following file for
> processing: www.abc123.com/load.php?page=chosenpage.html
> - The load.php page checks to see if the requested file exists in the
> MySQL file whitelist.
> - If a user is logged-in, it includes the file. If not, it prompts the
> user to log-in.
> - The log-in is performed using the PEAR Auth class. The username and
> password info (along with user email and last login info) is stored in a
> MySQL table.
> 
> The advantage of this approach is that one is not dealing with messy
> .htaccess files. Additionally, there is no duplication of username and
> password data as in the previous case - where the username and password
> were being stored both in .htaccess files and in a MySQL database. Thus
> all info is in a MySQL database, and works with existing static files.
> 
> The user can continue to use Frontpage (or whatever) to modify static
> files, and simply upload them to the "protected" directory.
> 
> Does anyone know of a mod_rewrite rule to do the rewriting described in
> step 5 above?
> 
> Maybe this second method is more complication, but I am interested in
> hearing feedback.
> 
> Thanks in advance,
> 
> - Jay
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>



More information about the talk mailing list