I’m looking to password protect my entire site directory with HTML forms + PHP. I am able to capture an authenticated session and navigate between the pages with help from this post (Thank you!) - however any external files that are linked in those pages are not visible to the browser. Here's a reference image
The Problem
index page renders but without any assets ( css, js, images, fonts, etc; )
Directory
Everything is at the root directory.
├── pages
| ├── page-1.html
| └── page-2.html
| └── page-3.html
├── assets
| ├── main.css
| └── all.js
├── .htaccess
├── login.php
└── index.html
.htaccess
RewriteCond %{REQUEST_FILENAME} !login.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .* login.php?file=$0 [QSA,L] # pass everything thru php
login.php
<?php
$file = 'index.html';
$password = $_POST['password'];
$key = 'password';
if(isset($_POST['submit'])){
if($password === $key){
$_SESSION['login'] = true;
readfile($file);
die();
} {
echo "<div class='alert alert-danger'>wrong password.</div>";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="" method="post">
<label for="pwd">Password</label>
<input type="password" class="form-control" id="pwd" name="password" required>
<button type="submit" name="submit" class="btn btn-default">Login</button>
</form>
</body>
</html>
index.html
<html>
<head>
<meta charset="UTF-8">
<link href="/assets/main.css" type="text/css" rel="stylesheet">
<title>A title</title>
</head>
<body>
A list of links
<ul>
<li>
<a href="/pages/page-1.html">page-1</a>
</li>
<li>
<a href="/pages/page-2.html">page-2</a>
</li>
<li>
<a href="/pages/page-3.html">page-3</a>
</li>
</ul>
</body>
<script src="/assets/all.js" ></script>
</html>
I suspect that assets is not accessible because they are still private. Perhaps the solution is to allow access to not just index file?
I have zero experience in writing server side script like PHP so please bear with me if the answer to this question is really obvious. Thank you so much in advance!!
