How to do htaccess authenticated controllers/folders?
#11

[eluser]gh0st[/eluser]
Hi.

Thanks for your reply.

The current situation is:

Quote:There is a legacy/PHP4 system, which has a htaccess authentication on a /cms/ folder.

As the website is pretty small, I've been able to rewrite pretty much everything in CodeIgniter as I was having major problems trying to integrate/re-engineer the existing legacy system to work in CodeIgniter.

As I've rewritten the site, I've come to the problem where I still want to use the htaccess authentication on the /cms/ folder, which of course doesn't really exist because they are all using the index.php as a front controller.

I do not want two systems (one old and one new) and I don't want 2 instances of CodeIgniter. The only two solutions left are:

* Put some kind of authentication on the /cms/ controller and all the controller/views that sit within it
* Move the entire codeigniter system folder out of root.

But the second solution does not really solve the problem because users can still get to the /cms/ controller.

With regards to your questions.

1. Do I mean re-engineering existing legacy CMS to work with CI framework
-> No, I've re-built the whole CMS in the CI framework as the website was quite small.

2. Do I mean just cp -a?
-> I don't know what cp -a means

3. Do I intend to migrate it, and is it possible just to leave it outside of CI in a separate system.
-> I don't intend to use the existing system at all, I'm moving totally from the old system to a new CI flavor.

4. Can I swing data/users to the new CI based CMS
-> I've thought about this, but in practice I do not know if this works.

Let's assume you create a folder called /cms/, inside this there is the HTAccess authentication layer.

But at the same time there is a /cms/ controller within the CI framework.

Which takes precedence?

Let's assume further that I rename the /cms/ controller to something else, ie: /admin/

The user can still get to /admin/ by physically typing in the controller.

Other users have pointed out that it is not possible to put a HTaccess authentication layer on a controller, but if there is a way, and you're aware of it, please let me know.

Thanks.
#12

[eluser]jedd[/eluser]
Quote:As I've rewritten the site, I've come to the problem where I still want to use the htaccess authentication on the /cms/ folder, which of course doesn't really exist because they are all using the index.php as a front controller.

If you mean you want to retain the .htpasswd contents, then this is relatively straightforward - see the link I posted earlier about pulling data out of those files - I think it uses a pretty simple php crypt() type function. If this is what you mean, is it because there's a lot of effort invested in the .htpasswd file? I reckon it'd be fairly easy to migrate that data out into a DB.

I'd suggest it would be time well spent to write a new and better auth system around this, though, especially if you're happy with using DB calls (and I get the impression that you are).



Quote:Let's assume you create a folder called /cms/, inside this there is the HTAccess authentication layer.

But at the same time there is a /cms/ controller within the CI framework.

Which takes precedence?

There's no precedence here, so much as CI's index.php is fronting everything.

The way htaccess works - as a component of your web server (Apache, say) - is that it blocks access at a file system level. This is simply not relevant with CI, because of this index.php routing that occurs. While your URL looks like it's a listing of subdirectories, it's in fact never getting past index.php.

I can't think of a way (which isn't to say it's impossible) of having your .ht stuff respected within a single controller, and then pulling up the usual ht authentication dialog for the user. But I don't know a lot about the inner workings of htaccess authentication - it's been a while since I've set one up, and even then it was a very simple system.


Really, as above, I think you are going to have to write a very basic authentication system within CI - it could be as simple as a single model / single db table.
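
An added example, not part of the post above and not CodeIgniter's own code: one way to keep the existing .htpasswd entries while enforcing the login in PHP, so a front-controller route still gets the browser's usual Basic-auth dialog. The helper names are hypothetical; it assumes PHP 7+ in a setup where `$_SERVER['PHP_AUTH_USER']` is populated (e.g. mod_php), and it accepts bcrypt, DES crypt() and {SHA} entries while refusing `$apr1$` ones, which PHP's crypt() does not implement.

```php
<?php
// Added example. htpasswd_load(), htpasswd_verify() and require_htpasswd_login()
// are hypothetical helper names, not CodeIgniter functions.

/** Parse "user:hash" lines of a .htpasswd file into [user => hash]. */
function htpasswd_load(string $path): array
{
    $users = [];
    foreach (@file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2) {
            $users[$parts[0]] = $parts[1];
        }
    }
    return $users; // empty on read failure, so every login is refused
}

/** Check a password against one stored hash; unknown formats fail closed. */
function htpasswd_verify(string $password, string $stored): bool
{
    if (strncmp($stored, '{SHA}', 5) === 0) {          // htpasswd -s
        return hash_equals($stored, '{SHA}' . base64_encode(sha1($password, true)));
    }
    if (strncmp($stored, '$apr1$', 6) === 0) {         // Apache MD5: not in PHP's crypt()
        return false;
    }
    if (preg_match('/^\$2[axy]\$/', $stored) || strlen($stored) === 13) {
        // bcrypt (htpasswd -B) or traditional DES crypt(); the hash embeds its salt
        return hash_equals($stored, (string) crypt($password, $stored));
    }
    return false;
}

/** Call first in the protected controller's constructor; returns the user name. */
function require_htpasswd_login(string $path, string $realm = 'CMS'): string
{
    $user  = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pass  = $_SERVER['PHP_AUTH_PW'] ?? '';
    $users = htpasswd_load($path);
    if ($user !== '' && isset($users[$user]) && htpasswd_verify($pass, $users[$user])) {
        return $user;
    }
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    exit('Authentication required');
}
```

Keep the .htpasswd file outside the document root and serve the protected routes over HTTPS, since Basic credentials are sent with every request.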
#13

[eluser]msangapu[/eluser]
hmmm... i am facing a similar issue. i work in a university environment and i would like certain controllers protected via .htaccess.

but the problem, as many people have noted, is that .htaccess stops after index.php

is there no way to protect based on url parameters like index.php?controllerrestrict -> require valid user (in .htaccess)

?
#14

[eluser]n0xie[/eluser]
Why not let CodeIgniter handle the authentication (i.e. letting people login) instead of using .htaccess ?
#15

[eluser]msangapu[/eluser]
at our university, we make use of shibboleth authentication.

i haven't figured out how to tie that into codeigniter...

if i use CI for authentication, users would have to register/set-up passwords. here at the university, we already use an identity system... they already have usernames/passwords. i do not want users to create new accounts.

i can call the university's shibboleth system using .htaccess.
#16

[eluser]n0xie[/eluser]
That makes sense. Well in that case I can't really help you, I'm not really the .htaccess expert
#17

[eluser]msangapu[/eluser]
index.php?controllername is what i need to protect.

protection at the controller level is useless because CI "loads" them using require/include. i need to protect index.php based on the url parameters.

some of the posters on this thread have also encountered this problem. i wonder if any of them have found an alternative without using a CI-authentication system.



