php authentication

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am just starting to learn php, and i am haveing some issues with
authentication and login.

I saw a lot of tutorials online, but i am not finding what i want.
How to prevent access to other files, other than the file doing the
What prevents a user from getting files by putting their names in the
Or should all files have authentication code
What about access to image files for example?

many thanks

Re: php authentication

I keep the files out of the htdocs tree. That seems to work for me.

Re: php authentication

Ya, that would work, but legitimate users need access to them


Re: php authentication


To resolve your problem you need to implement Session Management
After the user is authenticated through a username and password, a
is created.

Every time a file is requested the session is checked for validaty, if
the session
is still valid the file can be viewed.

This process forbids a user from accessing files by putting their names
in the browser

As for access to images, you will need a PHP script to send the actual
e.g showimage.php?imgid=5
Images are stored outside htdocs folder so users won't be able to
access them.
showimage.php will fetch the image based on its id.

Here's a simple tutorial for Session Management

If you have any specific question don't hesitate to reply.


Site Timeline