We are in need of someone to write an .htaccess for protecting a certain directory, or directories using a ?token= at the end of a url.
What it should have:
I have a ?token= that includes a crypto'd string that would include username;password;ip;timestamp
The .htaccess should decrypt the string and then in the following order look for the following:
- if there is a match for IP in exceptions table on database, allow access
- Otherwise, check username and password against profiles table on the database, if matched, and timestamp is within 5 minutes, check to make sure that the IP in the token is the same as the IP requesting access, if everything matches, allow access. otherwise - forbid access to directory.
If you have questions, let me know.