1

I have a portal with Login Authentication and after the user login to the website we are providing few links to the HTML files. This works perfect.

My concern is User's are able to access the HTML files without logging to the portal. I will not be able to convert the file to PHP as these files are huge and will be modified and updated regularly.

Please suggest how i can restrict the direct access to the HTML if the user is not logged in.

Tx Suneel

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141
Suneel Kumar
  • 11
  • 4

1 Answers1

1

Use .htaccess file to restrict access and authenticate user, then put your HTML files in subfolder related to location of that .htaccess file (so its restrictions would also apply). For example, you create .htaccess file with content like this:

AuthName "Enter password"
AuthType Basic
AuthUserFile /path-to-folder/.htpasswd
Require valid-user

then you create .htpasswd files which holds logins and password hashes. It will look like this (one line per user):

userlogin:8OytGCYCAPbS6

You can use some online .htpasswd generators like this one

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141
  • Thanks for your quick response. I tried using .htaccess file. Can you share me sample code if any?? – Suneel Kumar Sep 06 '12 at 11:59
  • I dont think it would be right suggestion for the external users to enter the password for each link. – Suneel Kumar Sep 06 '12 at 12:18
  • 1
    there's no "for each link" case – Marcin Orlowski Sep 06 '12 at 12:56
  • 1
    Sorry No.Actually i dont want the users to prompt with popup for entering username and password as the user will have already entered in php login system. Is there any setting in .htaccess file whether the request came from index.php file or not?? – Suneel Kumar Sep 06 '12 at 14:34