Restrict php file in .htaccess based on mode/query string

StackOverflow https://stackoverflow.com/questions/18754703

Question

I want to restrict access to a specific file (ucp.php), but ONLY in registration mode. Ie, someone will have to authenticate in order to register, but once registered will be able to access other ucp.php functions (profile editing, for example), without being required to authenticate again.

Since ucp.php is the only file with a "register" mode, I've tried:

<Files "^(.*)mode=register$">
require valid-user
</Files>

So far, I've only been able to restrict access no matter the function, or not at all. I'm open to any alternative suggestions for how to do this. Thanks!

EDIT

I also tried:

RewriteEngine on
RewriteCond %{QUERY_STRING} ^(.*)mode=register(.*)$ [NC]
RewriteRule require valid-user

That didn't work either, but as you can probably tell, I'm just kind of stitching things together trying to get it to work.

Any suggestions?

Was it helpful?

Solution

What you are trying to do isn't going to be simple. You want HTTP Authentication for a single file but only when there's the mode=register query string. The mod_auth directives simply can't handle something like that.

What you're going to need to do is create a new php file, one that includes the ucp.php, we'll call that ucp_register.php, and it just executes the ucp.php file in the local file system, passing it the mode=register query string. Then, we force authentication for ucp_register.php.

<Files "ucp_register.php">
    AuthUserFile /path/to/htpasswd
    AuthName "Password Protected"
    AuthType Basic

    Require valid-user
</Files>

Then, we intercept requests for ucp.php with the register mode, and internally rewrite that to ucp_register.php, which requires a valid-user, which means the browser is prompted to authenticate, but the browser still thinks its requested ucp.php?mode=register. After authentication, the ucp_register.php file is loaded, which loads ucp.php and does the registering. To do the rewrite, you need:

RewriteCond %{QUERY_STRING} mode=register
RewriteRule ^ucp\.php$ /ucp_register.php [L]

Probably some details that you'll need to work out to get this to work, but this is the general idea.

For example, the ucp_register.php file could look something as simple as:

<?php
include('ucp.php');
?>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top