Home/ Questions/Q 237497
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T20:25:48+00:00

I was going to use .htaccess to password protect a directory for a php

  • 0

I was going to use .htaccess to password protect a directory for a php script I’m writing, as I do not trust my PHP skills to create a secure login, but I found out you cannot use relative paths for AuthUserFile and I could not generalize this.

If you could direct me to a secure PHP login script to password protect a directory I would be very grateful. Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    One thing you can do is keep all your “secret” files in a directory outside of the server’s webroot. All access to these files can then be routed through a single PHP-script inside your directory. Something like this:

    http://www.example.com/protected-directory/access.php?file=/foo/document.doc

    With a directory structure such as this:

    +--+ /server_root
   |
   +--+ /web_root
   |  |
   |  +--+ /protected-directory
   |     +-- access.php
   |     +-- access-denied.html
   |
   +--+ /protected_root
      |
      +--+ /foo
         +-- document.doc

    In your access.php you would do something like this:

    $file = $_REQUEST['file'];
if ($user->hasAccessTo($file)) {
    readfile("/server_root/protected_root/$file");
} else {
    readfile('access-denied.html');
}

    Now, you have to be careful that you make sure nobody screws with your file-parameter and passes something along like "../../../etc/passwd". Also, you probably want to make sure you send the correct headers in the above example, I omitted that for reasons of clarity.

    • 0