Proteger le contenu d'un répertoire

admin/.htaccess:

RewriteCond %{REQUEST_FILENAME} !check_auth.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .* check_auth.php?file=$0 [QSA,L] # pass everything thru php

admin/check_auth.php:

$file = $_GET['file'];
if($_SESSION['user_authenticated']) {
    // please mind you need to add extra security checks here (see comments below)
    readfile($file); // if it's php include it. you may need to extend this code
}else{
   // bad auth error
Comments