Jump to content
xisto Community
SNiped

How To Redirect Not as simple as it sounds

Recommended Posts

I am currently doing a small prjoect for a group. We have the main website sorted out but the guys want a site where they can put there funny pictures, a forum and general stuff that we dont want the public seeing. I looked at paying for a secure area on our hosting but we did not want to have to pay more than we already were as it is not being hosted with Xisto.

SO i came to the conclusion of using a simple password page, and redirects. Is there anyway of redirecting users who have not first entered the correct password.

Ill try to explain in a bit more detail. Say my page gets a hit from google or a direct link to a certain page, is there a way of redirecting them back to the password page so they have to enter it, but once they enter it they are free to use the pages but they cant link straight to them.

Say you link to this page from some other site, it redirects you to the frontpage where the password is, you enter the correct password and can look at the pages inside but only if you have entered the password and you can only follow the links on the page no links from outside.

This might sound confusing but at the moment i have only found one site where they have something like this. It does not allow you to go straight to a page must go through the main page first. If you care to see what i mean here is the site Runescape redirect It is the url of a server but redirects you back to the homepage, then only if you go through the frontpage can you enter the server.

Cheers for any help you can provide.
MArtin

Edited by SNiped (see edit history)

Share this post


Link to post
Share on other sites

Yes, there is a method to do this. You would need some php scripting and quite likely sessions or cookies to keep track of those users that are allowed to access the page.

When the page is requested, check for the presence of a session id, if none exist, go to the password page. In the password page, ask for the username and password, if acceptable, set a session-id. If a session-id exists, allow access to the page, else re-direct to the password page.

See if this makes any sense to you:

session_name ('YourVisitID');session_start(); // Start the session.// If no session value is present, redirect the user.if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {	// Start defining the URL.	$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);	// Check for a trailing slash.	if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {		$url = substr ($url, 0, -1); // Chop off the slash.	}	$url .= '/index.php'; // Add the page.	header("Location: $url");	exit(); // Quit the script.}

Read about sessions at the php.net site. http://php.net/

Share this post


Link to post
Share on other sites

Yes, there is a method to do this. You would need some php scripting and quite likely sessions or cookies to keep track of those users that are allowed to access the page.

 

When the page is requested, check for the presence of a session id, if none exist, go to the password page. In the password page, ask for the username and password, if acceptable, set a session-id. If a session-id exists, allow access to the page, else re-direct to the password page.

 

See if this makes any sense to you:

 

session_name ('YourVisitID');session_start(); // Start the session.// If no session value is present, redirect the user.if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) ) {	// Start defining the URL.	$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);	// Check for a trailing slash.	if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {		$url = substr ($url, 0, -1); // Chop off the slash.	}	$url .= '/index.php'; // Add the page.	header("Location: $url");	exit(); // Quit the script.}

Read about sessions at the php.net site. http://php.net/

Thank you very much. Now just to work out that in english. PHP was never my strong point. Thanks again for the help, i will play around with this peice of code to work out what to do with it. :)

Share this post


Link to post
Share on other sites

Just popped back to inform you all that i have tried the PHP one and managed to make a total mess of it. I have figured out i can use javascript to accomplish the same thing.

Share this post


Link to post
Share on other sites

You could also use the standard Apache (I presume it's an Apache server - I don't know if this works on other servers) http protection. It's slightly harder to manage, but it saves the hassle with the PHP debugging and possible security risks if you aren't completely competent.

Basically, there are two files:
".htaccess" and ".htpasswd"

This is the syntax you want for .htaccess:

AuthUserFile /full/server/path/.htpasswdAuthGroupFile /dev/nullAuthName EnterPasswordAuthType Basicrequire valid-user

the "AuthUserFile" is where we will store a list of valid users and passwords. The path for this can either be the full server directory from root, or it can be the path from the Apache "DocumentRoot" setting for your site. You can make this by putting
<?phpecho $_SERVER['SCRIPT_FILENAME']; ?>
in say "dir.php" in the directory that will be protected. When you run it, the script should give you something like "/var/www/asite/protected/dir.php" What you want to put behind "AuthUserFile" should in this case be "/var/www/asite/protected/.htpasswd".

"require valid-user" tells it that it HAS to be a user that is defined). One thing that complicates the whole issue slightly is that the passwords are all encrypted (I forget which algorithm), so you can't change them as easily. I'll get back to that. For now, here's what the password file (.htpasswd) should look like:

username:ZKGvcl5c9C/uM

There can be as many users in there as you want (just separate every user by a newline). You can make the password with this tool:
http://forums.xisto.com/no_longer_exists/

Enter the user name and password, and it generates the list for you (ignore all the other boxes, they are for the .htaccess file.

And I think that's it. I don't know if it made any sense, but what the hell. It might work :)
-E

Share this post


Link to post
Share on other sites

I did look at the .htaccess but i could not work out if it would protect the pages behind the password or not. If you could clear this up it would be handy as i have played with .htaccess before, and it worked (admittidly i was told that they needed htaccess set up and i just did it. HAd no idea if it would work, and still not sure if it worked)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.