I'm looking for a way to tell Apache that if there is a request for a file from a certain directory it should first run a php script to verify if the user is logged in. I know I could put the directory outside of the docroot and let a php script handle the authentication and file downloads, but because these are flash files that try to open other flash files it has to be a directory in the docroot, and the files should not have to be send by the php script. In the old setup we were using mod_auth_script(http://sourceforge.net/projects/mod-auth-script/), but as that is a rather obscure apache module I'd rather have a more common solution if possible.
+2
A:
You can use .htaccess and mod_rewrite to redirect requests to php script. Try some googling and you will find lots of examples.
.htaccess contents example:
Options +FollowSymLinks
RewriteEngine on
RewriteRule ([0-9a-z-_]+)\.swf$ checkForAuth.php?&file=$1 [L]
This will call checkForAuth.php when someone will try to access *.swf file. In checkForAuth.php you need to check your session, read contents from $_GET['file'], set correct headers (content-type for flash) and output contents of requested SWF file.
Māris Kiseļovs
2010-07-29 08:56:14
well I don't want to redirect, because the flash files need to be accessible directly. Apache should just check if the user can access the directory (using a PHP based authentication that checks the session) and that's it. Otherwise the start flash file can't pull in the other flash files
Maarten
2010-07-29 08:59:10
Redirect will not be seen on user side. URL will stay the same but content will be given thru PHP file which will check session.
Māris Kiseļovs
2010-07-29 09:02:18
ah right, so the flash files will still just request /files/foo.swf.. is it too much to ask for a link?
Maarten
2010-07-29 09:05:24
I just updated my answer with working example.
Māris Kiseļovs
2010-07-29 09:19:27