This is an old revision of the document!
Table of Contents
Securing Files with PHP Sessions
Summary
I write ebooks. Some of them I publish. I like to improve my stories by getting feedback from beta readers before the stories get released. Sharing on a web site is an easy answer, but obviously I don't want to share with the entire world.
Previously, I relied on a simple Apache .htaccess file to restrict a directory to only those who knew the shared password. Then, Nginx came along with it's “we don't do distributed configuration” attitude.
Rather than leaving my files flapping in the breeze and hoping no one would guess the URL, I quickly looked for an alternative solution. I found it with PHP Sessions.
Even though SDF is using Apache again, I still think this approach of securing files has merit.
The Idea
I didn't just sit down one day and pull PHP Sessions out of my backside. I did what anybody would do and took to the internet for examples. I found mine on Stack Overflow.
https://stackoverflow.com/questions/1243150/php-sessions-to-authenticate-user-on-login-form#1244097
This gave me the framework for what was possible. What I came up with for my solution, I will detail below.
The Code
For the impatient, I will first drop the code on you and explain later.
login.html
This is where users get sent to authenticate and it's the first page they see.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Secure Files</title>
<style>
body {
background: #333333;
color: #CCCCCC;
}
fieldset {
line-height: 150%;
margin-left: auto;
margin-right: auto;
margin-top: 30vh;
text-align: center;
width: 12em;
}
input {
background: #CCCCCC;
color: #000000;
</style>
</head>
<body>
<form action="login.php" method="post">
<fieldset>
<legend>Secure Files</legend>
Username:<br>
<input name="username" type="text"><br>
Password:<br>
<input name="password" type="password"><br>
<input type="submit" value="Log In">
</fieldset>
</form>
</body>
</html>