Thread: AuthMySQL Help

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    13
    Rep Power
    0

    AuthMySQL Help


    Hi, I am setting up a members area on my website and using authmysql to authenticate users against the mysql database.

    I want to let expired members be able to login to the account, but not be able to view any of the media.

    Heres what it looks like

    /members/ "Users with expired accounts can login"
    /members/media/ "Users with expired accounts cannot view the media"

    I want to be able to do this with the user only logging in once.

    I validate against a column called status in the DB to see if the member is expired or not.

    Here is what I got, but its not working. Any help is much appricated it.

    Thanks

    Code:
    # NATS Authentication
    AuthMySQLAuthoritative On
    AuthBasicAuthoritative Off
    AuthUserFile /dev/null
    AuthName "Members Only"
    AuthType Basic
    AuthMySQLEnable on
    AuthMySQLHost localhost
    AuthMySQLDB mydb
    AuthMySQLUserTable member
    AuthMySQLPassword mypassword
    AuthMySQLUser nats_auth
    AuthMySQLNameField username
    AuthMySQLPasswordField password
    AuthMySQLPwEncryption none
    Require valid-user
    
    <FilesMatch "^(media)$">
    AuthMySQLUserCondition "status=1"
    </FilesMatch>
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,294
    Rep Power
    9400
    Isn't media/ a directory, not a file?

    I would guess that putting
    Code:
    AuthMySQLUserCondition "status=1"
    inside /members/media/.htaccess would do it. Also consider making MySQL log queries so that you can inspect what authmysql is doing.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    13
    Rep Power
    0
    Originally Posted by requinix
    Isn't media/ a directory, not a file?

    I would guess that putting
    Code:
    AuthMySQLUserCondition "status=1"
    inside /members/media/.htaccess would do it. Also consider making MySQL log queries so that you can inspect what authmysql is doing.
    I need to have some kind of condition though, I want members to be able to login with expired users, but add another level of authenticaiton to check for status=1 when they try to view content in the media directory.

    Thanks
  6. #4
  7. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,294
    Rep Power
    9400
    Right. So the parent directory doesn't really have any conditions (no AuthMySQLUserConditions) while the media/ directory does.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2006
    Posts
    13
    Rep Power
    0
    Originally Posted by requinix
    Right. So the parent directory doesn't really have any conditions (no AuthMySQLUserConditions) while the media/ directory does.
    I tried adding 2 htaccess files. One in the media folder with the condition and one in the members area without. But its still letting members with status != 1 view the content in media.
  10. #6
  11. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,294
    Rep Power
    9400
    You're not including the <FilesMatch> right?

    As a test, remove that authentication stuff in /members/.htaccess and put it all in /members/media/.htaccess instead, including the AuthMySQLUserConditions. Does that restrict you properly?

IMN logo majestic logo threadwatch logo seochat tools logo