Ask a Question Register Login

javascript - authenticate via .htaccess on custom login

836

So my problem is this - i have custom authenticate code that writes in db `online` table ip, session id and user id(if login and password match) based on registered user data.
Soo i have some js scripts that are only needed when you are authenticated and i dont want them to be accessible if you are not logged in(its not unsecured but why to give playground), and i want all the script to be in one .js file.
Soo i thoght maybe i can make that folder with .htacces password protection and when i log into admin panel some php code make me also logged in in that appache system - is this possible? or i need to make js file php and then include it or something else? im baffled.

481

Answer

Solution:

Sure you can do that! But there is a much simpler way. Just use a php file as your script tag'ssrc attribute, and setup that file to handle the request:

<script src="/path/to/js_handler.php"></script>

The PHP file controls which Javascript is sent to the client. This is because PHP script can tell whether the user is logged in by looking at$_SESSION variables:

js_handler.php

<?php
    if(session_status()=== PHP_SESSION_NONE) session_start();
    $loggedIn = false;

    //determine whether the user is logged in by looking at values set
    // in $_SESSION by the login script. This is just an example
    if(isset($_SESSION['user']) && $_SESSION['expires'] > time()) 
        $loggedIn = true;

    //set JS header (otherwise the browser will expect an HTML file)
    header('Content-Type: application/javascript');

    //now send the right file to the browser
    if($loggedIn){
        //instruct the browser and proxies to never cache this file. Probably
        //better just set short caching (1-2hrs) to reduce server load
        header("Cache-Control: no-cache, no-store, must-revalidate");
        header("Expires: 0");

        readfile('/path/to/private.js');
    }
    else{
        //allow caching and reusing for up to 7 days
        header("Cache-Control: max-age=" . 60*60*24*7); //max age allowed: 7 days
        header("Expires: ".gmdate('D, d M Y H:i:s', time() + 60*60*24*7).' GMT');

        readfile('/path/to/public.js');
    }

People are also looking for solutions to the problem: php - date_default_timezone_set or ini_set(date.timezone) for Php7

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.