Hi there -- I'd like to do a reverse version of Michael Farris' new authentication widget.

I've got a website which does its own authentication (using cookies), and I'd like to have that authentication rolled out to our Eve forums.

I was thinking I could just do this with .htaccess -- but I can't seem to put the .htaccess file high enough in the File Manager to have it affect anything other than the images on the page. When I added the .htaccess restriction, non-cookied users just got pages with no images (because the image directory is "below" the .htaccess file in the FileManager structure). But the rest of the page was the same.

What I want is to be able to have the .htaccess file:

1) Check for the cookie set by my site's authentication
2) If cookie is not set, bounce the user to a page that says 'Sorry, you gotta subscribe'
3) Otherwise, show the page as usual.

Is .htaccess the way to go with this, or should I be using something else? If .htaccess is correct, where can I put the file so that it will affect the entire loading of the page?

Ideally, because I'm running two separate domains, I'd like to be able to do this at a domain-specific level, not every board I'm running.

Thanks for any suggestions!

Hello WineHook,

There is no built in tool or facility that will allow you to do what you want to do. HTAccess is restricted from affecting the servlet pages due to its mount point.

I can however think of a way that someone with a lot of Javascript experience/knowhow could accomplish what you want.

You would need to create a Javascript application that would get loaded through the style on your forums. What it would do is check for a validation cookie, if the validation cookie is true it will exit and let the page render. If its not than it will do this:

Create a random number, store that number in the cookie, and forward the user to a script on your domain with the cookie. The redirect parameters will include the random number and the URL that they are being sent from (So they can be returned). Your script will check to see if the user is valid and return the user back to where they came from, providing the random number and a flag of whether they are valid or not.

The Javascript checks the random number from the URL against the number from the cookie, if it matches it sets the value of the validation cookie to true or false based on the result parameter.

If its true it doesnt do anything, if they are not valid it redirects them to the error page.

What this does is it caches a users validity for an entire session cutting back on the forwarding back and forth, and allows any domain to validate against your cookie through your script.

Of course its up to you to write it *grin*

Jonmark:

You're the man -- thanks very much for this. I had hoped to not have to use JavaScript for this, but it's good to know what my real options are. I think maybe I'll roll with that as a plan.

I don't suppose I'm allowed direct access to Apache's httpd.conf file, either? That would be another place I could do it, I guess...

Dave

Hey Dave,

*laughs*

No, you do not have access to the http.conf.

Good luck with this, and let me know when you have it done. I am going to be very intrested in seeing the final product.

This message has been edited. Last edited by: David Dreezer,

Ha!

I guess I knew that, but just wanted to ask to make sure.

I think I've got what I need in order to move forward with this sometime in the next few weeks -- I'll keep everybody posted.

Thanks.

Dave V.