MAXMAXarena Wrote:
-------------------------------------------------------
> How can I find out with Nginx if the username and password are real or
> that the user/unique_value is still active?
> Should I somehow access the database or am I wrong?
MAXMAXarena I've just come across this thread looking to answer almost the same question. In my situation I am running the website on PHP using a framework called bitweaver. This handles the user login to the dynamic pages and downloading images and pdf files via the framework, but the thumbnail images are linked to directly by nginx and can be viewed even if not logged in.
I've spent the last couple of days playing with http_auth_request_module and the auth_request entry. I've got it crudely working and I can manually switch the access on and off using the auth.php script which has access to the database, but I've hit a snag I'm still trying to crack. The storage structure is /storage/515/1515/thumbs/ where the second number is the file I want to access ( the first number just breaks down the storage into smaller groups of folders ) ... What I'm stuck with is how to get the file number into auth.php so I can sort out if the current user ID has access to that file, allowing 'anonymous' users to see as subset of files. You can probably get away without that bit and just confirm the user ID and at the moment I'd be happy with just that as well but I'm missing something when nginx runs auth.php :(