.htaccess help


kaputski
08-02-2009, 06:50 AM
I am horrible with .htaccess and tried to look at tons of examples of code to get what I want to achieve. Basically I need to protect a whole directory. Easy enough. But I need it to allow a server-side PHP script to access the files using "include". I'll have the folder disguised within the PHP code, but I wanted to make sure that if someone found the directory they couldn't inject it into the URL variable and gain access anyway. For example:

The path is as follows:
root/football/tpl/protected/
- inside the tpl folder is the PHP code that will include files from the protected directory through variables in the URL.

This is the code the visitors will see:
mysite.com/football/tpl/content.php?var1=phpcode.tpl&var2=samplepage
- the PHP script uses sessions to make sure the user has access to view it.

Now this url will allow anyone to view:
mysite.com/football/tpl/content.php?var1=protected/samplepage.tpl&var2=samplepage


Basically, if they just move var2 to var1 and add protected/ to it, then they can gain access. So I'd like a .htaccess solution that can read the URL and, if the word "protected" is in there, either remove it or redirect them somewhere else. Any help or ideas?

I suppose another solution that would be easier, if possible, would be to force code at the beginning of all the files within the directory; that way all the files can have sessions in them. I really don't want to code hundreds of files. Thanks.
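The include pattern described in the post, as an added example that is not kaputski's code: the vulnerable include as the URLs above imply it, beside a hardened resolver. The tpl/templates and tpl/protected directory names, the rule that a template is a bare name ending in .tpl, and the $loggedIn flag standing in for the session check are assumptions. On the .htaccess side, a "Deny from all" (Apache 2.2) or "Require all denied" (Apache 2.4) in protected/.htaccess does stop direct requests for mysite.com/football/tpl/protected/samplepage.tpl while leaving PHP's include() alone, since include() reads the file from disk rather than over HTTP; but it cannot see what content.php does with var1, and a mod_rewrite rule matching the word "protected" in the query string is bypassed by simply URL-encoding a letter (%70rotected), because RewriteCond tests the raw query string. The value of var1 therefore has to be validated in PHP, which is what the resolver below does.

```php
<?php
// Added example, not the original poster's code. Mirrors the thread's layout
// root/football/tpl/{templates,protected} and content.php?var1=...; the
// directory names, the .tpl naming rule and the $loggedIn flag are assumptions.
declare(strict_types=1);

// Vulnerable form: the URL parameter goes straight into include().
// ?var1=protected/samplepage.tpl pulls a file from the protected directory,
// and ../ sequences walk to anything the web server account can read.
function includeTemplateVulnerable(string $var1, string $tplDir): void
{
    include $tplDir . '/' . $var1;
}

// Hardened resolver: returns the canonical path of $requested inside
// $allowedDir, or null if the request must be refused.
function resolveTemplate(string $requested, string $allowedDir): ?string
{
    // A template name is a bare file name. This rejects protected/samplepage.tpl
    // and ../../etc/passwd alike before anything touches the disk; PHP has
    // already URL-decoded $_GET, so encoding the slash does not help an attacker.
    if ($requested === '' || $requested !== basename($requested)) {
        return null;
    }
    // Only plain .tpl names are acceptable (no extra dots, nulls or wrappers).
    if (!preg_match('/^[A-Za-z0-9_-]+\.tpl$/', $requested)) {
        return null;
    }
    // Canonicalise both sides and confirm the file really lives under
    // $allowedDir; this also defeats a symlink dropped into templates/.
    $base = realpath($allowedDir);
    $full = realpath($allowedDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false) {
        return null;
    }
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Hardened include: the code, not the URL, decides which directory is searched,
// and protected/ is consulted only for an authenticated session.
function includeTemplate(string $var1, string $tplDir, bool $loggedIn): void
{
    $path = resolveTemplate($var1, $tplDir . '/templates');
    if ($path === null && $loggedIn) {
        $path = resolveTemplate($var1, $tplDir . '/protected');
    }
    if ($path === null) {
        http_response_code(403);
        echo "Forbidden\n";
        return;
    }
    include $path;
}

// Stand-alone demo on a throw-away copy of the layout (constructed sample files).
$tpl = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
mkdir($tpl . '/templates', 0700, true);
mkdir($tpl . '/protected', 0700, true);
file_put_contents($tpl . '/templates/phpcode.tpl', "public template\n");
file_put_contents($tpl . '/protected/samplepage.tpl', "protected template\n");

echo "vulnerable include, no session: ";
includeTemplateVulnerable('protected/samplepage.tpl', $tpl);   // leaks the protected file

$requests = ['phpcode.tpl', 'protected/samplepage.tpl', '../protected/samplepage.tpl', 'samplepage.tpl'];
foreach ($requests as $req) {
    printf("hardened, no session, %-31s: ", $req);
    includeTemplate($req, $tpl, false);                        // only phpcode.tpl is served
}
echo "hardened, with session, samplepage.tpl: ";
includeTemplate('samplepage.tpl', $tpl, true);                 // served from protected/

// Tidy up the demo files.
unlink($tpl . '/templates/phpcode.tpl');
unlink($tpl . '/protected/samplepage.tpl');
rmdir($tpl . '/templates');
rmdir($tpl . '/protected');
rmdir($tpl);
```

Run it with php on the command line; in content.php the first argument would be $_GET['var1'] and $loggedIn the result of the existing session check. The design point is that the request never chooses a directory: it names a file, and the script decides whether protected/ is even searched, so no spelling of "protected/" or "../" in var1 changes which directories are reachable.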

clunk.werclick
08-02-2009, 09:19 AM
I don't think you can really achieve what you want using .htaccess; AFAIR it is somewhat more limited in scope. It can control access to document types and from certain clients, but I'm not entirely sure that it can do what you want it to do. That to one side, I don't make use of it, so you may get a better and more accurate answer from someone else.

I would personally approach this a different way. I would have a common script that I included in each protected page checking for the injection; if it is there I would either test and authenticate, or reject and redirect based upon the outcome. Something like this in pseudo code:

<?php
// Common include at the top of each protected page (names are illustrative)
session_start();
if (stripos($_SERVER['QUERY_STRING'], 'protected') !== false) {   // word inject in querystring
    if (empty($_SESSION['has_access'])) {                        // test visitor has right to use it
        header('Location: /football/denied.php');                // deal with dirty hacker
        exit;
    }
}

I may completely misunderstand what you are trying to do, so forgive me, I'm old :-)