[mdhall]

Was wondering about password protecting a folder/directory. Lets say I set up a website like this...

Main Directory...
file-intro.html
file-member sign up form
file-sign in form
folder-public area
folder-member area

Basically, anyone can access the public directory, but a viewer has to add themselves as a member via the form to access the member directory. The intro.html gives the viewer a choice between the public or member area. The sign up form adds their info to the db, the sign in form gives them access to the members folder. How can you pass protect the member folder/directory so that it queries the db for their sign in info (ex. member name & password)? This is so no one can access any files inside the folder before becoming a member. Does .htaccess do this, or is it only for one password? Sessions? I've found a few member-auth scripts, but they seem pretty massive, or don't seem to let you designate the directory you are led to after signing in, and I wasnt sure about protecting each page inside the folder. Hope I explained this clearly. Thnx.

[NeverMind]

I think there is no pretect-folder script up there yet , and I think it's not possible ...
you have to protect all files inside this folder ..
and yes you have to use sessions or cookies , in my current script I've used cookie method , and it's not that difficult! all you have to do is to define a function that checks for the cookie ! if the user has no cookie it will show error message and redierct him to login page ..
all you have to do is define this function and then call it in all the pages you want to protect ...
also you can have multi-privilaged system using the same method by defining a function to check that ..

sadly the script I wrote isn't in this machine I am using right now , or I would love to show it for you to give you a better view of what I mean

[mdhall]

Thanks for the response. Also, I should have mentioned that, after signing in, the user would be directed to an index.shtml file, not a php file. Does this change the way this needs to be set up?

[NeverMind]

I don't know how shtml files work so I am afraid I can't tell something useful

[mdhall]

Well, shtml is basically the same as html. The "s" just lets the server add includes into the page. So a setup for html pages should work for shtml, but I can't find a good solution for multiple users to get access to a standard html/shtml page. I dont like the idea of manually adding users to the htpassword file, or converting the pages to php since I'm more comfortable with html. A member-info type of form that goes to a php script that would add users to the htpass file would be ideal. Essentially I want it all automatically done, but feel I may not have too many options. Like I said, this is the first I've dealt with password-type areas, so I'm open to suggestions.

[NeverMind]

it is possible to have all passwords and users in a flat file ! but it NOT recommended because it is %1000 UN-Secure .. and may get hacked easily ..
but still possible to do ...
but having a plain html files that do protection is not possible ..

[mdhall]

Any idea how difficult, or time-consuming, to convert html pages to php? Thinking this might be the best alternative.

[NeverMind]

not a single hour on conveting !!!
all you have to do is beging your file with php tag '<?php'
and close it once you finish !!
an example to show what I mean :

PHP Code:

<?php

$ex='Hello world';

//now we will close the tag to put plain HTMLs

?> 

<HTML>

<HEAD>

<TITLE> <?php echo $ex; // we started them and closed them again just to print the variable 

?> 

</TITLE>

<BODY>

#lot's of plain HTMLS 

#

#

#end of HTMLs

<?php for ( $ .... //some php process ?>

</BODY>

</HTML>

as you can see php is colored while the other HTML in black which means php parser will NOT touch them unless they are inside the tags
now we have php and html in the same file and still will be excutable normaly .. just name your files with PHP and it shall work fine ..
hope I didn't confuse you

[mdhall]

That is quick. Couple of questions...

Can an if/else statement be added to check the member name/password then, so that if they dont match the page doesnt display, and if they do, it does display?

The purpose of this: <?php for ( $ .... //some php process ?>

I have some knowledge of php/mysql querys, but not much knowledge of straight php coding, so I apologize for sounding totally ignorant here (which I am).

[NeverMind]

Quote:

Can an if/else statement be added to check the member name/password then, so that if they dont match the page doesnt display, and if they do, it does display?

yes you can ..

Quote:

The purpose of this: <?php for ( $ .... //some php process ?>

it was just an example to show that you can use EVERY php process in your compined pages

and hey !! you are no ignorant !! because asking for knowladge is good