Reputation: 746
htaccess & php check for authorization
I have an
http://example.com/DL/
directory with free access for anyone, now I wanna to deny access for unauthorized users so I writte very simple index.php with code
<?php
include('config.php');
session_start();
$result = (mysql_query("SELECT * FROM accounts WHERE hash='".$_SESSION['hash']."' ");
$row = mysql_fetch_array(result);
if($row['access']) {
return true;
} else {
header("location: /login.php");
}
?>
question: is there way to setup .htaccess to check if index.php returns true every time user request
http://example.com/DL/*
?
Upvotes: 0
Views: 255
Answers (1)
Reputation: 7775
You can use mod_rewrite to make all requests be routed to index.php.
See this example.
This way you can utilize the Front Controller Pattern
Which basically means that index.php will be your router into the other parts of your code. This allows for the access control that you are looking for but also lets you have a good structure of the rest of your code.
Another recommendation is to only expose index.php in your web root and have the rest of your code outside of the publicly visible folder. This way you will also prevent someone from fetching all your code base when you forget to configure apache properly.
Upvotes: 1
Related Questions
- Only allow access to files if logged in (htaccess?)
- Check permissions on every page request, then redirect
- trouble with .htaccess authorizations
- htaccess, auth to use index.php but allow some folder without any auth
- htaccess Authentication with PHP
- PHP and .htaccess authentication solution
- Require username/password to execute PHP script
- Protecting directories with htaccess by checking logged in user
- require username and password
- Manually initiate authentication using .htaccess