Is there any way to use our user database to protect access to other directories? using apache!!<br /><br />a year ago I studies things like apache mod-auth-mysql and similar things, but to no avail.<br /><br />This would be a very nice feature.

yes it would <img src="/forum/images/graemlins/smile.gif" alt="" />

What are some examples of how you would use this?

[]DLWebmaestro said:<br />What are some examples of how you would use this? [/]<br /><br />in a apache .htaccess file that restricts access to a directory by username and password.<br /><br />Instead of manually listing usernames and passwords, the ubbthreads database should be used.<br /><br />There are some attempts in apache modules, like mod authDB (?), mod authmysl, mod auth...???; but when I tried them last year I could not get them to work with any database, much less with our database.<br /><br />So basically, I want to specify, that a certain category of member of a ubbthreads board has access to some special download or picture directory.<br /><br />I think a hardcore apache hacker could produce this with not too much effort!!

Okay, but what are some examples of how you would use this?

I have something on a directory. Could be photos, a chat, anything.<br /><br />I want it to be accessible only by forum members, or only a certain category of forum members. I simply password protect the directory, using username and password from the ubbthreads database.<br /><br />It would allow to integrate almost any software with the board database, because it allows to limit access to registered members of the ubbthreads board.<br /><br />This is what I would like to have this for. If I could get it to work

It's much easier to use the thereads authenticate() function as we do here with the chat mods and such. Then you can use threads user groups to control access. <img src="/forum/images/graemlins/smile.gif" alt="" />

I think what he's saying though.. is even if you do use the authenticate() function... if a user knows the exact URL, then can still get the file, whether authenticated or not.<br /><br />For example.. say you have to login to use the chat. Granted, that stops 95% of the people from getting access to anything... but, for the smarter people, if they really wanted a file out of the /chat directory, they could try and type in the URLs in their browser until they got it right.<br /><br />I guess this was brought up over at photopost as well, because typically, if you have a private gallery that you can't see unless logged on, or a certain member, then others can't gain access to it. But.. unless the directory has .htaccess setup, users could still type in the URL of those "protected" images and retrieve them.<br /><br />But.. the problem is when you use .htaccess, it will prompt you for another login box, even if you are already logged into threads or likewise. So I think the ultimate goal here is to have the threads login information be passed to .htaccess so the user doesn't have to login again, yet the directory contents are as secure as possible.

I have a book on Apache that illustrates how to do this by creating a custom Apache module. It doesn't look too difficult, but I no longer have a dedicated server, so I can't experiment with it.

Oh that makes sense - like here - the download script for attachments hides the actual URL to the attachments - but if you knew the URL you could pull it down?

yes, like in the games section too... you can protect the .php file with threads authentication, but they could directly access the files <img src="/forum/images/graemlins/smile.gif" alt="" />

Doah - so like when I want to do an "intervention" and add some code to stop you from playing Crash Down so much - you'll just be able to use the URL and feed your addiction?<br /><br />LOL

[]JoshPet said:<br />It's much easier to use the thereads authenticate() function as we do here with the chat mods and such. Then you can use threads user groups to control access. <img src="/forum/images/graemlins/smile.gif" alt="" /> [/]<br /><br />As mentioned by another poster below, this can easily be defeated. I want to implement a Java Chat, for example.<br /><br />You told the the nick change function can be shut off in the paid version. Still I am sure this can be defeated. I don't want to tell her in public how someone can log in with a registered nick without the password, but I am quite sure I know of several methods.<br /><br />Can you assure that in the chat no nick falsification is possible? Actually, in the case of the chat, the only safe way is to put the authentication with our database INTO the chat software. I did that once with the volano chat<br /><br />Actually, I think with the .htaccess protection, if we protect all the chat files with it (the .js files), then it is hard to access the chat without the password, as the files cannot be obtained easily. But if the files are not on our server, then this would not do.<br /><br />But for directories, the only safe way to protect them is apache .htaccess, not just hiding directories. Very easy to find out where they are hidden.

[]Dave_L said:<br />I have a book on Apache that illustrates how to do this by creating a custom Apache module. It doesn't look too difficult, but I no longer have a dedicated server, so I can't experiment with it. [/]<br /><br />any takers???? I think you could become famous by fixing an authentication module that simply calls some arbitrary file, passes username and password, and waits for a response: "yes" or "not approved, reason is ...."<br /><br />This way people could easily write authentication scripts with any database.<br /><br />I am sure someone allows you to use their server, or better just install linux dual boot on your own computer!!<br /><br />Give me the link on "how to write a module", maybe this is the excuse I need to revive some of my programming skills. <br /><br />This needs what? c++? c?? perl would do??<br /><br />

That wouldn't work for Raidersoft though. It probably would if you were hosting it yourself, but with Raidersoft all the .js files are on their server. So there'd be nothing to protect on your end. <br /><br />But indeed I think some chat systems, like jpilot, have files you load on your own server.<br /><br />If you are using the paid Raidersoft - they do have the ability to interface with your database.<br /><br />But if you are looking for chat - I'd check out Raidersoft<br />http://www.sigmachat.com/features.html<br /><br />With Platinum version you can take it a step further than the mod posted here<br />[]<br />Complete integration with your own user database <br />- Use your own website scripts (we provide complete instructions) to authenticate users based upon their username/password.<br />- Alternatively, you can interface directly to our user database to upload your own list of users on an individual basis. We provide you access to all the information you'll need.<br />[/] <br /><br />But I could see where this could be really useful in protecting images and file downloads.

My current computer is on its last legs. I'm getting a new computer shortly and was planning on setting up a dual Win2K/Linux boot eventually, but that may be a while.<br /><br />Here's the reference I mentioned above:<br /><br />L. Stein & D. MacEachern, "Writing Apache Modules with Perl and C", O'Reilly, 1999, ISBN 1-56592-567-X, Chapter 6 (Authentication and Authorization).<br /><br />Apache modules can be written in either Perl or C. I think Perl is preferable, unless you need it to be really efficient, which probably isn't the case here.<br /><br />You might also check apache.org. Maybe something like this already exists.

[]JoshPet said:<br />That wouldn't work for Raidersoft though. It probably would if you were hosting it yourself, but with Raidersoft all the .js files are on their server. So there'd be nothing to protect on your end. <br /><br />But indeed I think some chat systems, like jpilot, have files you load on your own server.<br /><br />If you are using the paid Raidersoft - they do have the ability to interface with your database.<br /><br />But if you are looking for chat - I'd check out Raidersoft<br />http://www.sigmachat.com/features.html<br /><br />With Platinum version you can take it a step further than the mod posted here<br />[]<br />Complete integration with your own user database <br />- Use your own website scripts (we provide complete instructions) to authenticate users based upon their username/password.<br />- Alternatively, you can interface directly to our user database to upload your own list of users on an individual basis. We provide you access to all the information you'll need.<br />[/] <br /><br />But I could see where this could be really useful in protecting images and file downloads. [/]<br /><br />great advice!!!!! I will try the free raidersoft version, later upgrade!!<br />

[]Dave_L said:<br /><br />Here's the reference I mentioned above:<br /><br />L. Stein & D. MacEachern, "Writing Apache Modules with Perl and C", O'Reilly, 1999, ISBN 1-56592-567-X, Chapter 6 (Authentication and Authorization).<br /><br />Apache modules can be written in either Perl or C. I think Perl is preferable, unless you need it to be really efficient, which probably isn't the case here.<br /><br />You might also check apache.org. Maybe something like this already exists. [/]<br /><br />I am not in the US< so it is probably hard to get that book. I would need something on the web.<br /><br />Also the book might be outdated!! Though I am curious!! looks exciting!! At least I don't need to study C, with perl I get by.<br /><br />Any further links you know, I appreciate. Or will you do it?? <br />I think such a module is sorely needed, no clue why nobody produces it!!!<br />