FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » General » PHP discussions » restricting access to binaries via php?
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
restricting access to binaries via php? [message #6799] Thu, 24 October 2002 21:06 Go to next message
Olliver   Germany
Messages: 443
Registered: March 2002
Karma: 0
Senior Member
Hi,
title may be a bit misleading but the following idea stands behind it. I want to create a small page for a friend of mine which stores within a directory presentations in .swf format. Only authorized persons should get access to these files. Problem is, that my friend wants to have a login form and not the .htaccess triggered password prompt by the browser. Documents don't seem to be a problem, thought about an authentification scheme using crypt() for the passwords. Then I only need to include the authorization scheme in each document, read the cookiefile I set and that's it. But what to do with that shockwave files? They still can be accessed from outside if the url is known to someone, guess that would have been the part where the Apache authorization scheme kicks in.
Is there a way to realize it just using php? encrypting passwords and comparing the result with the ones in the .htpasswd file does not work because apache crypt and php crypt have different results so the strings compared would be always false.
Maybe messing around with mod_rewrite rules could help, but I've never done it before. any hints would be appreciated, try to figure it out on my own then Smile
bye
Ken
Re: restricting access to binaries via php? [message #6807 is a reply to message #6799] Fri, 25 October 2002 01:41 Go to previous message
Olliver   Germany
Messages: 443
Registered: March 2002
Karma: 0
Senior Member
Meanwhile I found out the mechanism Apache uses for encrypting. I need to fetch the 1st 2 characters of the password and use them as salt for crypt($string, $salt) Since the username is in plain text and the length of the encrypted pass in .htpasswd always 13 characters if using crypt I can fetch the data using regexps. The rest should be pretty trivial to realise Smile
Thnx for ur help, anyone Wink
bye
Ken
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: OOP php
Next Topic: mail() vulnerability up to php 4.2.2
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 02:24:35 GMT 2024

Total time taken to generate the page: 0.02647 seconds