Server-side authentication of static files #16
Description
This issue came up with the /wizbif directory, because users really shouldn't be able to access anything in this directory unless they are logged in. However, the Apache-PHP model doesn't handle this case very well; the only way I know is to pass all requests through a PHP file like auth_file.php which verifies the user and then serves the static content manually. So we should either find a good PHP package to serve static content, or wait until someone migrates the server code to something like NodeJS (which handles this case very well) to implement this feature.