Protecting Files using PHP

[shebang]

I have a script for me to browse the source code of my projects. I wrote the script in PHP so that I can have authentication working. I got the authentication part working. Very simple. However in my /var/www/htdocs/foo/

I have foo.pl that I only want to be accessed if I logged in (authentication). But how do I make sure that if I type in the path to that file, it displays an error to log in rather than show the file ?

I only want clients to see foo.pl if they have authentication.

How can I do that?

I would've searched google but I don't know how to search for this information.

Any helps/hints are appreciated.

[countach44]

What are you using for authentication?

You could always just type something like
<?php exit("Go away" ?>
at the top of the file, but that's a crappy fix

[chessforce]

A simple way to do this would be by setting a cookie when the user logs in, and then in the script-needing-to-be-protected, check for that cookie, and if the cookie is not present, execute something like countach said above.

[countach44]

I thought he was using apache auth, I wonder if you can tell the server check sessions through the configs...

[shebang]

[quote author=Countach44 link=board=9;threadid=9920;start=0#msg89897 date=1098595368]
I thought he was using apache auth, I wonder if you can tell the server check sessions through the configs...
[/quote]

I was just using a form: http://slack-er.mine.nu/tmp/form.html

such as that.

Chessforce, I'll try that thanks!

[chessforce]

[quote author=Shebang link=board=9;threadid=9920;start=0#msg89904 date=1098626913]
[quote author=Countach44 link=board=9;threadid=9920;start=0#msg89897 date=1098595368]
I thought he was using apache auth, I wonder if you can tell the server check sessions through the configs...
[/quote]

I was just using a form: http://slack-er.mine.nu/tmp/form.html

such as that.

Chessforce, I'll try that thanks!
[/quote]

You are welcome!

countach44: Do you mean like this?

[shebang]

I actually got it working through cookies! However, if I wanted an HTML file to check for the cookies, I'd need PHP for all of them, wouldn't I?

[chessforce]

[quote author=Shebang link=board=9;threadid=9920;start=0#msg89918 date=1098642974]
I actually got it working through cookies! However, if I wanted an HTML file to check for the cookies, I'd need PHP for all of them, wouldn't I?
[/quote]

You could use PHP to check for the cookies. However, I do not know whether it is the only way.

[shebang]

[quote author=chessforce link=board=9;threadid=9920;start=0#msg89921 date=1098655042]
[quote author=Shebang link=board=9;threadid=9920;start=0#msg89918 date=1098642974]
I actually got it working through cookies! However, if I wanted an HTML file to check for the cookies, I'd need PHP for all of them, wouldn't I?
[/quote]

You could use PHP to check for the cookies. However, I do not know whether it is the only way.
[/quote]

Well, I can always use Perl. However, I am using PHP since I'm developing a web based project in PHP, this is all practice for my project, which involves authentication to view stuff. Guess I'll just make all my files PHP.

Thanks everyone for helping me out! karma++!

[countach44]

[quote author=chessforce link=board=9;threadid=9920;start=0#msg89912 date=1098640343]
[quote author=Shebang link=board=9;threadid=9920;start=0#msg89904 date=1098626913]
[quote author=Countach44 link=board=9;threadid=9920;start=0#msg89897 date=1098595368]
I thought he was using apache auth, I wonder if you can tell the server check sessions through the configs...
[/quote]

I was just using a form: http://slack-er.mine.nu/tmp/form.html

such as that.

Chessforce, I'll try that thanks!
[/quote]

You are welcome!

countach44: Do you mean like this?
[/quote]
nope, http://httpd.apache.org/docs/howto/auth.html