php/mysql password protect directory ??

I’ve used htaccess to password protect directories in the past. Now I’m looking into using PHP/MySQL.

There are plenty of examples of the PHP out there. I don’t expect much trouble on that front. But all of these examples seem to focus entirely on the PHP code (and to a lesser extent) the MySQL database.

No one seems to say what settings (in htaccess ??) need to be set on the server to keep it from dishing out files directly linked in that protected directory. I mean, it’s all well in good to have PHP authenticate… but if something isn’t telling the server to enforce PHP authentication, then it’s trivial to get around.

Anyone have an example of what settings are necessary in .htacces (or wherever) that are necessary to require PHP/MySQL authentication?


Using PHP would be session based. Which means you have to validate the session on every page. This would not work to say protect image files in a directory.

On that note, you can use MySQL for authentication. Your server would need to add mod_auth_mysql and then you could configure the settings from within your htaccess or virtualhost container (assuming you use Apache)

Sponsor our Newsletter | Privacy Policy | Terms of Service