PHP and htaccess question
March 17, 2009 5:58 AM Subscribe
I use .htaccess files to allow users access to files in certain directories based on their IP addresses/ranges. They are linked to these file from a page (not within the htaccess protected directory) generated in PHP. Is there a way to display a variable on this PHP page based on whether or not the user will be allowed access into .htaccess protected directories?
Ideally, if their IP address or range (CIDR) is in the htaccess file, they will be able to clink on the link and view the restricted files without any problems. If they don't have access, a link saying "Need to purchase this file?" will appear to the user.
Is this possible? I tried to google this but I am coming up short. Perhaps I am not using the best search criteria. Is there possibly a certain term for what I'm trying to do?
Are there any other similar solutions that would achieve the same result but I'm not aware of? A normal username/login system wouldn't work because some of the users come from institutions (Universities, libraries) where it is just much more easier to grant access via IP addresses.
Ideally, if their IP address or range (CIDR) is in the htaccess file, they will be able to clink on the link and view the restricted files without any problems. If they don't have access, a link saying "Need to purchase this file?" will appear to the user.
Is this possible? I tried to google this but I am coming up short. Perhaps I am not using the best search criteria. Is there possibly a certain term for what I'm trying to do?
Are there any other similar solutions that would achieve the same result but I'm not aware of? A normal username/login system wouldn't work because some of the users come from institutions (Universities, libraries) where it is just much more easier to grant access via IP addresses.
As devnull said, it's much easier to write the htaccess file with PHP than to read it with PHP. But if you aren't changing the IP range very often, it may be easiest to just edit both files manually. To test a visitor against an IP range in PHP, you could do something like this:
$start_ip = '10.92.1.4';
$end_ip = '10.92.29.4';
$visitor_ip = $_SERVER['REMOTE_ADDR'];
$visitor_can_access = (
( ip2long( $visitor_ip ) >= ip2long( $start_ip ) ) &&
( ip2long( $visitor_ip ) <= ip2long( $end_ip ) )
) ? true : false;
posted by scottreynen at 6:36 AM on March 17, 2009
$start_ip = '10.92.1.4';
$end_ip = '10.92.29.4';
$visitor_ip = $_SERVER['REMOTE_ADDR'];
$visitor_can_access = (
( ip2long( $visitor_ip ) >= ip2long( $start_ip ) ) &&
( ip2long( $visitor_ip ) <= ip2long( $end_ip ) )
) ? true : false;
posted by scottreynen at 6:36 AM on March 17, 2009
Response by poster: Hmm, yeah something in the back of my mind said the ips in a database would probably be the logical solution.
Would it be possible to somehow check and see what the HTTP response status codes for the visitor's IP address would be? Then display link if the code is 401?
posted by chillmost at 6:46 AM on March 17, 2009
Would it be possible to somehow check and see what the HTTP response status codes for the visitor's IP address would be? Then display link if the code is 401?
posted by chillmost at 6:46 AM on March 17, 2009
Check out the "ErrorDocument" directive.
This way, if somebody who has access sends the url to somebody who doesn't (which means they'll never get to your preliminary php document), you can use the ErrorDocument to show a "buy it here" html page. After that, you can reuse that effect by simply linking to the document form your php script and depend on the ErrorDocument directive to do the right thing.
posted by DreamerFi at 7:14 AM on March 17, 2009
This way, if somebody who has access sends the url to somebody who doesn't (which means they'll never get to your preliminary php document), you can use the ErrorDocument to show a "buy it here" html page. After that, you can reuse that effect by simply linking to the document form your php script and depend on the ErrorDocument directive to do the right thing.
posted by DreamerFi at 7:14 AM on March 17, 2009
Check out the "ErrorDocument" directive.
In particular, you'd want the 401 error (not 403... just sayin' because I mix them up sometimes).
Yes, but you don't want to do that, you would have to write an htaccess file parser.
I'm going to buck idea this a bit. Database setup, maintenance, and communication might well be as much overhead as writing a script to read info from htaccess files. Especially if (a) where what you need to read from the htaccess file is a well-defined and small subset of all possible directives (and I think allow/deny stuff qualifies) and (b) you're conversant with regular expressions.
It sounds like you essentially need to search a given htaccess file to see if it has something like "Allow from" somewhere in it. You could read it into a string, and use preg_match (or even strpos if the file's set up a particular way) to search for the IP address and allow directive, and if you get a successful match, you show one thing, if not, another.
There might be other reasons you'd want to migrate the info into a database, but I don't think simplifying this task is a particularly compelling one.
posted by weston at 9:56 AM on March 17, 2009
In particular, you'd want the 401 error (not 403... just sayin' because I mix them up sometimes).
Yes, but you don't want to do that, you would have to write an htaccess file parser.
I'm going to buck idea this a bit. Database setup, maintenance, and communication might well be as much overhead as writing a script to read info from htaccess files. Especially if (a) where what you need to read from the htaccess file is a well-defined and small subset of all possible directives (and I think allow/deny stuff qualifies) and (b) you're conversant with regular expressions.
It sounds like you essentially need to search a given htaccess file to see if it has something like "Allow from
There might be other reasons you'd want to migrate the info into a database, but I don't think simplifying this task is a particularly compelling one.
posted by weston at 9:56 AM on March 17, 2009
something like "Allow from "
should've been "Allow from <user ip here>"
posted by weston at 10:14 AM on March 17, 2009
should've been "Allow from <user ip here>"
posted by weston at 10:14 AM on March 17, 2009
Response by poster: Thanks for the tips and ideas. We already use the ErrorDocument directive to redirect unauthorized users to a page with more information, but we also wanted to put a link on the first page that only non-subscribers would see. Also Safari will not redirect to a php page if it is done using ErrorDocument 401. Or maybe it does but I am doing something wrong, but it works fine in any other browser. That's another problem for another question.
I have a feeling that I may actually migrate the info into a database because it would allow us to do some other things as well. But that is a whole other can of worms that I may have to shop out to real programmers.
posted by chillmost at 5:15 AM on March 18, 2009
I have a feeling that I may actually migrate the info into a database because it would allow us to do some other things as well. But that is a whole other can of worms that I may have to shop out to real programmers.
posted by chillmost at 5:15 AM on March 18, 2009
This thread is closed to new comments.
Instead, vave your htaccess files generated from a database, then check an ip against that database from php.
posted by devnull at 6:20 AM on March 17, 2009