Reputation: 1608
How to use Apache/PHP to protect directories from users that aren't logged in
My friend and I are building website that allows users to upload images. We have got this all sorted but we were wondering how to stop members of the public being able to access the files on the server, but allowing members to access them. Is there an Apache mod that would let us do this and link it with a PHP script to check if users are logged in?
Upvotes: 1
Views: 535
Answers (1)
Reputation: 198101
Yes there is an apache module you can use for authentication: mod_auth.
It supports multiple backends, so you can make your application share the credentials with it.
Apache itself is extendible at authentication as well, there are other modules that support a mysql database which is called mod_auth_mysql of which multiple variants exist. A better choice might be mod_authn_dbd for Apache 2.2 as it offers a generic interface to SQL databases of multiple flavors. As well, ldap is supported: mod_authnz_ldap.
Another alternative is using you PHP for authentication and then commanding the server to provide the file. That's often referred as X-Sendfile or mod_xsendfile, which is a third-party module.
If you're looking for a PHP only solution, one question that talks about it is How to password protect files (images, video, zip) dynamically from public and allow access to members only?.
Upvotes: 3
Related Questions
- PHP protect directory from direct URL access
- Restrict access to directory for users
- Avoiding the users to be able to see a directory in php
- Make Apache use PHP to control access to files / directories
- Protecting directories with htaccess by checking logged in user
- How to restrict people from entering directories on server
- How to let only authorized user access to some files?
- Protect files in directory using authentication script in php/apache
- How can I protect a directory using PHP?