I'm a total newb at all of this so please be nice. ok heres my situation. I have an apache server with php5 as a module. as of right now i have a personal music server that requires a php login that checks mysql for the authorization and sets a cookie. This takes you to a php directory listing of my music collection that has links to each music folder.

Here's where I'm stuck. The php music links serve up a dynamic apache directory since there is no index.php. Great this is exactly what I wanted. The problem is sinceit's a virtual directory I can't figure out a way of password protecting each sub folder using php. I already have an .access file in place, but this is not ideal as it requires 2 separate logins (one for php and 1 for apache).

My gut is telling me to create a separate index.php file for each folder that checks for user. This could be benifical as I could load the album art,lyrics, etc as it's already in this folder. But, a programmer by nature, the thought of having the same file duplicated goes by every rule I stand for.

Is there someway to pass the php password to apache securely? Is there something I'm missing in php that creates the same virtual folder/sub folder listing that I can call my access script?

Any help is much appreciated,
rob311

This post has been edited by rob311: 18 Mar, 2008 - 06:58 AM

You need to password protect each director. I'm sorry, I know you dislike the two logins. But let's say you do what you're planning on.

Each index.php turns away anybody who doesn't have an acccount. So I go to the directory yellowcard/index.php and am turned away, I just to go yellowcard/oceanavenue.mp3 and I'm in.

Apache protection is the way to go.

thank you spearfish! You're right, I didn't take into account that somebody might figure out the exact mp3 file name and then they could d/l to their hearts content. Thanks for schoolin' me before I setup everything up only to realize I messed up.
rob311

Not a problem, when you're dealing with something like this, better safe than sorry!

I'm sure that there's some hypo-advanced way to do it, or maybe even an elegant solution. That's just how I personally would do it.

.htaccess is the way to go. saves all the trouble