...

View Full Version : Advice - Is this even possible?



malik
01-20-2008, 03:33 PM
I have a project i am not sure how to achieve the desired results. I need some advice/direction if anyone can help.

I have a domain name. Under that domain lots of individual websites:

??????.com
??????.com/website1
??????.com/website2
??????.com/website3

1) The domain home page has a login screen. Depending on the username and password the user is taken to the relavent website index page.
This would all work fine i could specifiy the user/password and corresponding website directory in a mysql table

THE DILEMA - The websites are large and always being updated therefore i cannot add corresponding (session) php code to every html webpage within the websites. Therefore how can I stop a user copying and pasting a external link to one of these pages or files located within the website i.e. bypassing the login.

Any ideas?

tonyyeb
01-20-2008, 08:13 PM
Are cookies out of the question?

malik
01-20-2008, 08:57 PM
hi
it needs to be secure. what are you thinking?

firepages
01-21-2008, 12:51 AM
you could use HTTP_AUTHENTICATION (htpasswd & htaccess) which will give you folder based authentication.

note that if the sites are built with forethought then it would be easy to make sure every page includes a config file which would set the relevant sessions etc.

malik
01-21-2008, 01:43 AM
you could use HTTP_AUTHENTICATION (htpasswd & htaccess) which will give you folder based authentication.

note that if the sites are built with forethought then it would be easy to make sure every page includes a config file which would set the relevant sessions etc.


Looking at this further HTTP authentication appears the only way to successfully secure the folders.
The problem with this as far as i am aware is that using htaccess i cant find a way to incorporate the central login screen.
Any ideas how to login then be taken to the correct website folder which is then protected?.

weblive
01-21-2008, 06:15 PM
You can use a file or a database to assign usernames to urls... or that's not possible for you?

Digicoder
01-21-2008, 08:23 PM
If you are running apache, I would recommend you configure <virtualhost> blocks for the individual sites.
for example some one would use site1.???.com and that would lead them to the site one folder.


Edit:
read through this some more.
I see what you are trying to do, what you would want to do to keep things secure is use PHP session codes.
To do this you can add a file to the auto append directive in your PHP.ini file. with this central file, you would only have to validate site cookies or session data.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum