Hello and welcome to our community! Is this your first visit?
Register
Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Insanity Skype's Avatar



    Join Date
    Apr 2007
    Location
    England
    Posts
    27,397

    Access to a directory to logged in users

    How do I only allow access to a directory to logged in users without creating an infinite redirect loop?

    .htaccess file contains:

    Code:
    Redirect 301 /members/index.php http://www.epyks.net/forums/checker.php
    and checker.php contains:

    Code:
    <?php
    define('IN_PHPBB', true);
    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    
    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup();
    ?>
    
    <?php
        if ($user->data['user_id'] == ANONYMOUS)
        {
           echo 'Please login!';
        }
    
        else
        {
            header( 'Location: http://www.epyks.net/members' );
        }
        ?>
    Hope you understand, ViciousDuck told me to post this and I haven't really got a clue :3

  2. #2
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Access to a directory to logged in users

    How I would do it;

    .htaccess, file inside my files folder.

    The .htaccess file would then point any request like files/mypicture.png to
    checker.php?file=mypicture.png

    Check if the user is logged in, and force the file through the header.


    (if that doesn't work just have a seperate script in that folder that forces download)

  3. #3
    Insanity Skype's Avatar



    Join Date
    Apr 2007
    Location
    England
    Posts
    27,397

    Re: Access to a directory to logged in users

    But wouldn't that only work for .mypicture.png?

    Or would you have a separate line in the .htaccess file for each file?

    So say you had

    porn.zip
    lol.png
    yay.wmv

    You'd have 3 lines in the .htaccess file, each one taking the request to the file and forcing it through checker.php ?

  4. #4
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Access to a directory to logged in users

    No, you can use dynamic variables / match modifiers in htaccess, so you can create rules. Writing every rule would be stupid, unless you only have a small range.

    Google up on it {in particular mod rewrite};

    http://www.yourhtmlsource.com/sitemanag ... iting.html

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Location
    {postrow.POSTER_FROM}
    Posts
    424

    Re: Access to a directory to logged in users

    Code:
    Options -Indexes   # Don't allow index view of these folders
    RewriteEngine on   # Enable rewrite
    
    RewriteCond %{REQUEST_FILENAME} .*zip$|.*rar$
    RewriteRule (.*) http://epyks.net/checker.php?file=$1
    Code:
    Options -Indexes   # Don't allow index view of these folders
    RewriteEngine on   # Enable rewrite
    
    RewriteRule  ^(.*).zip$ ^forums/checker.php?file=1$ [R=301]
    Code:
     
    Options -Indexes   # Don't allow index view of these folders
    RewriteEngine on   # Enable rewrite
    
    RewriteRule ^members\.*zip$  (.*) ^forums/checker.php?file=1$ [R]
    This is what I tried for the .htaccess file. They all returned 500 errors.
    [center:5vxp2rwi][/center:5vxp2rwi]

    See, the problem is that God gives men a brain and a penis, and only enough blood to run one at a time.
    -Robin Williams
    The VIP Store | Net-Cake (Coming Soon)

  6. #6
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Access to a directory to logged in users

    Talk about over complicating things;

    Try

    Code:
    RewriteEngine On
    RewriteRule ^([a-zA-Z0-9_-]+)$ checker.php?file=$1
    RewriteRule ^([a-zA-Z0-9_-]+)/$ checker.php?file=$1

  7. #7
    Insanity Skype's Avatar



    Join Date
    Apr 2007
    Location
    England
    Posts
    27,397

    Re: Access to a directory to logged in users

    Quote Originally Posted by Adam
    Talk about over complicating things;

    Try

    Code:
    RewriteEngine On
    RewriteRule ^([a-zA-Z0-9_-]+)$ checker.php?file=$1
    RewriteRule ^([a-zA-Z0-9_-]+)/$ checker.php?file=$1
    Alright that sorted it, but regardless of being logged in or not it lets you download the file. Suggestions?

  8. #8
    Senior Member
    Join Date
    Apr 2008
    Location
    {postrow.POSTER_FROM}
    Posts
    424

    Re: Access to a directory to logged in users

    Quote Originally Posted by Skype
    Quote Originally Posted by Adam
    Talk about over complicating things;

    Try

    Code:
    RewriteEngine On
    RewriteRule ^([a-zA-Z0-9_-]+)$ checker.php?file=$1
    RewriteRule ^([a-zA-Z0-9_-]+)/$ checker.php?file=$1
    Alright that sorted it, but regardless of being logged in or not it lets you download the file. Suggestions?
    I can help you with that over msn.
    [center:5vxp2rwi][/center:5vxp2rwi]

    See, the problem is that God gives men a brain and a penis, and only enough blood to run one at a time.
    -Robin Williams
    The VIP Store | Net-Cake (Coming Soon)

  9. #9
    Insanity Skype's Avatar



    Join Date
    Apr 2007
    Location
    England
    Posts
    27,397

    Re: Access to a directory to logged in users

    Well that didn't work and now he can't be bothered to help me so. I have this in checker.php:

    Code:
    <?php
    define('IN_PHPBB', true);
    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);
    
    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup();
    ?>
    
    <?php
    if ($user->data['user_id'] == ANONYMOUS)
    {
       echo 'Please login!';
    }
    
    else
    {
       @readfile("members/"($_GET['file]));
    }
    ?>
    But regardless of being logged in or not, the file is still downloadable.

    Any help is appreciated, thanks.

  10. #10
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Access to a directory to logged in users

    Actually this is quite a tricky subject, I remember trying to do the same thing last year.

    Instead inside the files folder replace your current .htaccess contents with

    Code:
    <Limit GET POST>
    order deny,allow
    deny from all
    </Limit>
    This will prevent any direct external traffic from getting the files. However you can create a php script outside of this folder which pushes out the file through the header if logged in. As php runs server side it will have permissions to enter this folder. Hopefully you can get the files that way.


 
Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •