views:

22

answers:

1

Hello,

I have a CakePHP Application which I want to protect with a password. The tricky thing is, that all files/locations should be only accessible with a password EXCEPT one specific Address (a function withing a CakePHP-controller)

The Address is like that:

http://example.com/MyApp/MyController/MyFunction?MyParam=MyValue

All other locations should be only accessible with a password

http://example.com/MyApp/MyController/MyOtherFunction
http://example.com/MyApp/MyController/MyOtherFunction
http://example.com/MyApp/MyOtherController/MyOtherFunction

Well, I tried it first in the root .htaccess-File, but the whole rewrite-thing of CakePHP makes it very difficult and in .htaccess-Files are no <LocationMatch> directive allowed. So I tried it with <FilesMatch>, but the real File is always the same: index.php. mod_rewrite rewrites all Addresses to

http://example.com/MyApp/app/webroot/index.php?url=$1

In the next step I tried it in the apache-configuration and put there this section

<LocationMatch ^/MyApp/MyController/MyFunction.*>
  AuthType Basic
  AuthName "Secure Area"
  AuthUserFile /path/to/.htpasswd
  Require user MyUser
</LocationMatch>

Well the regex matched, but it was the wrong way. It protects MyFunction but not the rest.

+1  A: 

Are you using .htpasswd? You might be better using Cake Auth, then you can do:

function beforeFilter() {

$this->Auth->allow('MyFunction');

}

in the appropriate controller.

Leo
I'm assuming OP has a reason they want to use htpasswd protection rather than a login system. But I'm with you -- I would put this into the application logic, so you can better control the user session.
Travis Leleu
First I thought using .htpasswd will be easier... Now I use Cake Auth and it works with allow(). Thanks
knight_killer