0

I believe I'm missing something so basic, that the instructions don't tell me how to deal with it. I need a basic log-in and I found php-login-minimal here.

I have this installed on a windows server and everything works as advertised, except that my files are not secured. My PHP files are in c:\php which is where I installed these files. When I go to index.php I can log-in. However, I can also access all my other files without logging in, simply by going to the URL.

What very basic functionality (or setup) am I missing?

Nathaniel Ford
  • 20,545
  • 20
  • 91
  • 102
user2029890
  • 2,493
  • 6
  • 34
  • 65
  • 1
    do you just want to password protect a directory? if so, google 'htaccess password protect' – FuzzyTree Apr 28 '15 at 01:41
  • You can't expect your files to be magicly protected by that script. It's probebly using certain sessions to check if a user is logged in or not. You need to find out which sessions, then include `session_start();` on top of all your other php files and add a redirect to the login page if those sessions aren't set. – icecub Apr 28 '15 at 01:42
  • This script is meant to be used in a configuration where every request is routed through their index.php file, which then loads different views. You need to setup .htaccess or similar server config that accomplishes this. – John McMahon Apr 28 '15 at 01:44
  • You may find this helpful: [Password protecting a directory and all of it's subfolders using .htaccess](http://stackoverflow.com/questions/5229656/password-protecting-a-directory-and-all-of-its-subfolders-using-htaccess) – nicolaus-hee Apr 28 '15 at 05:21

1 Answers1

1

You could try using a .htaccess file.

I'm still relatively new at this, but in the folders I do not want people to be able to access I use a file named ".htaccess".

In notepad or a similar program, open a new file and place in the following code: 

<Files ~ "\.(htaccess|php)$">
order allow,deny
deny from all
</Files>

When saving the file, make sure in the save dialog box you have "Save as type" set to "All Files" and then save the file with the name ".htaccess".

Place the resulting file in the folder where you do not want access, and voila. No more access.

radiocaf
  • 151
  • 3
  • 12