954,606 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
1 Year Ago
0

Restricted Site Access

Hello,
I am writing a development area for my clients to view their sites as I work on them. However, I'd like to restrict the directory of a given project to only users who are associated with that project. I'm looking for a way to create a "wrapper" so to speak, that wraps around all items in a project directory, and only allows users to view the directory if it is their project.

I was thinking of using frames as the wrappers. While this would prevent the directory from showing up in the address bar, it wouldn't prevent anyone else who knows the directory from accessing the project. Is there a way I can make sure no one can access the directories unless they go through my frames? Or does anyone have another suggestion?

Thanks in advance.

- EF

EvolutionFallen
Junior Poster
198 posts since Aug 2009
Reputation Points: 40
Solved Threads: 31
 
1 Year Ago
0

Sounds a little over complicated solution for something like that when there are easier methods of doing this. Why not just use htaccess to password protect a directory?

http://www.addedbytes.com/articles/password-protect-a-directory-with-htaccess/

pixelsoul
Junior Poster
124 posts since Feb 2011
Reputation Points: 54
Solved Threads: 23
 
1 Year Ago
0

I wanted to avoid the .htaccess route 'cause it doesn't look very nice. Plus I want to include the development page in a frame within my site, so I can offer options alongside.
Normally I could just add a snippet at the top of each page that checks if the user is logged in using sessions. But if I'm working on something like WordPress I'm not sure this solution would work, may interfere with WP's sessions.

EvolutionFallen
Junior Poster
198 posts since Aug 2009
Reputation Points: 40
Solved Threads: 31
 
1 Year Ago
Show Comments
1

Well regardless whether you put the WP site in a frame or not the session gets tied into the browser so if a customer authenticated to your system and then was able to see their WP site and could authenticate to it that should be fine.

pixelsoul
Junior Poster
124 posts since Feb 2011
Reputation Points: 54
Solved Threads: 23
 
1 Year Ago
0

True. That's pretty much what I'm going to go with. Add a snippet to check their session, and kick them out if they're not logged into my system. 

if(!session_id())
	session_start();
if($_SESSION['loggedin'] != true)
	header("Location: http://www.mydomain.com/");

Or something along those lines.

I was concerned that session_start() would conflict with WordPress, but as it turns out WordPress itself doesn't use sessions at all! The only area that may cause a conflict is in the case of plugins that utilize sessions, but there's ways to prevent problems there using WP hooks.

Thanks for your input, pixelsoul.

EvolutionFallen
Junior Poster
198 posts since Aug 2009
Reputation Points: 40
Solved Threads: 31
 
1 Year Ago
0

I may be wrong (never tried or tested it) but I don't think it would matter if you had a session in your app and Wordpress set its own session because they are separate, especially if you gave yours a session name. I would actually have to test that one out my self to really know if it was possible or not.

pixelsoul
Junior Poster
124 posts since Feb 2011
Reputation Points: 54
Solved Threads: 23
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed