NYCPHP Meetup

NYPHP.org

[nycphp-talk] .htaccess user manager for PHP (similar to Auth Pro by cgi-city.com); mod_rewrite + PHP

inforequest 1j0lkq002 at sneakemail.com
Sat Dec 11 00:12:50 EST 2004


Jayesh Sheth jayeshsh-at-ceruleansky.com |nyphp dev/internal group use| 
wrote:

> Hello all,
>
> I was wondering if any of you knew of a PHP-script (either open source 
> or commercially-licensed) that helps one do the following:
> - Password protect all files or select files in a directory using 
> .htaccess files
> - The information in the .htaccess files will be written when the user 
> selects the files (or directories) to be password protected, and then 
> adds a username and password that correspond to those protected resources
> - Some user info, such as last login date and time and email will be 
> stored in a MySQL database
> - When  the administrator adds a new user (thus allowing the new user 
> to access a specific directory or set of files), that user's info is 
> stored in the MySQL database and the username and password info is 
> also written to a .htaccess file. (In this case the admin either 
> chooses a new password for the user, or one is randomly created by the 
> system.)
> - At this time, the user is also emailed with a note saying something 
> like: "John has added you as a member. Your username is john at aol.com, 
> your password is 4rgf567u. Log-in at http://www.somewebsite.com "
> - An access log should be available, showing who logged in last and when
> - Users should be able to add short notes to a guestbook that is 
> visible to other users
>
> This system should also be able to work with an existing website that 
> is full of static .html files. The reason .htaccess seems the best 
> tool for this job is that the potential client already has a boat-load 
> of static content that is to be protected.
>
> Finally, since the potential client is on a tight budget, the only 
> option seems to be to buy a PHP script that does all of this and 
> customize the script as necessary for the client. This will take much 
> less time than writing it from scratch, and thus fit into this 
> person's budget. I don't might writing this from scratch (in which 
> case I would use the htaccess class from pear.php.net ) - but the 
> thing is writing it from scratch takes longer than just installing and 
> customizing an existing script.
>
> I came across the following product from cgi-city.com:
>
> http://www.cgi-city.com/authpro/demo.shtml
>
> It is written in Perl, though, which is a bit denser than PHP, and a 
> bit harder to work with (my opinion only).
> Additionally, it is simply TOO feature rich, and the potential client 
> will likely not have a clue as to how to use it.
>
> Does anyone have any suggestions on how to proceed, or can anyone 
> suggest an appropriate third-party script?
> I searched sourceforge for "htaccess" and came up with a few things, 
> but I am not sure those scripts are good or easily customizable. If it 
> is a commercial script, I could only use it if the source code is not 
> encoded (i.e. is modifyable, even if I am not allowed to redistribute 
> it.)
>
> Another easier idea occured to me, but it involved mod_rewrite. I have 
> not used mod_rewrite before, but I have read about it. If anyone can 
> help me with the following mod_rewrite rule, I would be most grateful.
>
> Here's the idea:
> - Suppose the client's website is www.abc123.com
> - The client has files such as www.abc123.com/one.html and 
> www.abc123.com/two.html that need to be password protected
> - All current .html files are moved from the root web directory to a 
> sub-directory called "protected". This directory is protected by a 
> single set of  .htaccess username and password that is only available 
> to the administrator
> - The administrator logs into the control panel and whitelists all 
> file or selected files from the "protected" directory to be 
> processed/included later (by mod_rewrite and a PHP script). This 
> whitelist info is stored in a MySQL table
> - A mod_rewrite rule is written to say the following: all .html files 
> accessed from www.abc123.com are rerouted to the following file for 
> processing: www.abc123.com/load.php?page=chosenpage.html
> - The load.php page checks to see if the requested file exists in the 
> MySQL file whitelist.
> - If a user is logged-in, it includes the file. If not, it prompts the 
> user to log-in.
> - The log-in is performed using the PEAR Auth class. The username and 
> password info (along with user email and last login info) is stored in 
> a MySQL table.
>
> The advantage of this approach is that one is not dealing with messy 
> .htaccess files. Additionally, there is no duplication of username and 
> password data as in the previous case - where the username and 
> password were being stored both in .htaccess files and in a MySQL 
> database. Thus all info is in a MySQL database, and works with 
> existing static files.
>
> The user can continue to use Frontpage (or whatever) to modify static 
> files, and simply upload them to the "protected" directory.
>
> Does anyone know of a mod_rewrite rule to do the rewriting described 
> in step 5 above?
>
> Maybe this second method is more complication, but I am interested in 
> hearing feedback.
>
> Thanks in advance,
>
> - Jay
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>
Jay,

You might look at amember pro. Last I heard that is how it worked, 
although it might do more/different. It was well regarded as a 
membershipadd on for mambo, invisionboard, etc.  and supported by the 
developer himself ($99price tag - look slike 139 now). Never used it 
myself. http://membership.cgi-central.net/scripts/amember/

-=john andrews




More information about the talk mailing list