[eluser]skfriese[/eluser]
Is there any way to restrict access to the content within a web-accessible folder using the login details contained within a PHP session? Please read scenario below before replying. ;-)
I have an existing CodeIgniter application that happens to serve up web accessible content. Users are required to login to view the content, and their sessions are managed through DB-based PHP sessions. This all works fine, for the most part. However, it is still possible to access the web-accessible content directly by bypassing the CodeIgnitor application altogether and entering the URL to the content within the browser's address bar.
Now, the reason why this is
now a problem is that there was never a requirement to "lock down" the content. The application merely tracks the user's progress through the content using AJAX if the user is logged into the application. No such progress is tracked if accessed "outside of the application". No big deal, but the client wishes to lock this content down now, and only allow those logged into the system to access it.
Being familiar with htaccess/htpasswd, I am able to restrict access to main content folder, but then the users must login
again to launch the content. Thus my question above. Is there any way to "set" the
$_SERVER['PHP_AUTH_USER'] or
$_SERVER['PHP_AUTH_PW'] through PHP, so that I can set the HTTP authentication criteria when the user logs into the application? I'm also familiar with passing requests to the content using a "proxy" PHP script and authenticating that way instead, but that is not an option with this type of content as it is structured.
Any direction is greatly appreciated. I've attempted some serious Google-Fu over the past couple of days with no luck so far. :-S
