I remember on bugtraq there was an issue of referer problems. This is a big issue for "subscription" sites that don't want shared access of an acct, or for people who don't want people to link a certain page. Schema - taint the pages with an authkey of some sort that does not require cookies. People don't like cookies for fun reasons, but that is not the issue in this case. main requirement: php3/coldfusion/server-side javascript, a database accessable to the language of choice. 1. Have an entrace page, either the front page, or a page where you want everyone to at least have gone through. A request for username and password. Fine, now once it's found, set a request_from field, the ip from where the request is made. So the schema is broken down into... site.db:username,password,ip-request How do you force a pop up dialog to pass auth? here's one stolen from php3's website. --- <?php if(!isset($PHP_AUTH_USER)) { Header("WWW-Authenticate: Basic realm=\"My Realm\""); Header("HTTP/1.0 401 Unauthorized"); echo "Text to send if user hits Cancel button\n"; exit; } else { echo "Hello $PHP_AUTH_USER.<P>"; echo "You entered $PHP_AUTH_PW as your password.<P>"; } ?> --- Fine, now you have a frontpage.html, some place where you want people who are about to go off onto your other pages, to go through. If they don't, refer them back to the front page or call them an idiot for trying to hit that page directly. You can finally ask for passwords. Using some sorta sql, set the ip of the request for that username and ip. Joy, now we know where we are coming from. 1.1 if you don't want people to have "accounts" just generate a "next user" (incramental, duh.. use time or something) user, random password (maybe a hash of the random user) and ip. once in a while, expunge users that are no longer needed. 2. I know in apache you can have a header.html so that it processes the lookup all the time, like it usually does, but now php3 or something else is doing the work. It should be faster with sql instead of flat files. Let's not debate that. So this header.html now will ask for password and user, and with some OTHER sql, ask for the user, password and ip you set earlier. if the ip in the databse matches with the current, you are set! Give content. -spence yard productions, inc. p.s. For me, I'm using it with php3, apache and msql.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:26:26 PDT