php & htaccess

Status
Not open for further replies.

deemarcus

Programmer
Aug 18, 2005
21
GB
Hi, does anyone know if it is possible to set an htaccess file for a directory with a username and password and get a php page to set the username and password?

Hope this makes any sense!

Kindest thanks,

Dee
 
Thanks for replying (hope you're feeling better!).

I am already using a MySQL database to log in, which works fine, but I have files that someone could browse to on the website - so I thought I could set an .htaccess up for the directory and pass a username / password to it once the user logs in. I would just need one username / password in the .htaccess file. When the user logs in I would just set $_SERVER[PHP_AUTH_USER] & $_SERVER[PHP_AUTH_PW]

i hope!

Need to have a play.

Thanks for your help desturday btw, i sorted out the directory issue.

Regards.
 
Still a bit stuck. This is what I want to do...

At the top of the php page it sets the username and password...

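<?php
// Assign (=), not compare (==). Note: this only changes PHP's copy of the
// values for this request; it does not pass credentials to the web server.
$_SERVER["PHP_AUTH_USER"] = "dee";
$_SERVER["PHP_AUTH_PW"] = "marcus";
?>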

So rather than popping up the logon dialog it uses the values already set in the php page.

Regards.
 
Hmmm, I just need to use a test page to set the username and password that matches what is in the .htpasswd file; if it is the same I should be able to browse to a protected folder, else I should get a popup to log in. Will see if I can put a page together, bit new to all this so it may take some time!

regards.
 
Can't you use this code:
Code:
<?php

// Placeholder credentials: the sample as posted leaves $auser and $apass undefined.
$auser = 'example-user';
$apass = 'example-password';

function auth_user() {
   // A fresh random realm makes the browser drop cached credentials and prompt again.
   $realm = mt_rand( 1, 1000000000 );
   header('WWW-Authenticate: Basic realm="Realm ID='.$realm.']"');
   header('HTTP/1.0 401 Unauthorized');
   die("Unauthorized access forbidden!");
}

if (!isset($_SERVER['PHP_AUTH_USER'])) {
   auth_user();
} else if (!isset($_SERVER['PHP_AUTH_PW'])) {
   auth_user();
// Strict comparison (!==) avoids PHP's loose numeric-string juggling.
} else if ($_SERVER['PHP_AUTH_USER'] !== $auser || $_SERVER['PHP_AUTH_PW'] !== $apass) {
   auth_user();
} else if (isset($_GET['action']) && $_GET['action'] == "logout") {
   auth_user();
}

// Normal Page Code Here
?>

ps. I took it from a code-sample on php.net

Olav Alexander Mjelde
Admin & Webmaster
 
I think I'm getting confused! Think I best explain in detail what I am trying to do as I think I may be misleading you...


I have a directory called files which is protected by an .htaccess file.

page 1 (login.php)

The user logs in with a username and password, which a validate.php page checks: if an entry in a MySQL database matches the username and password then a page called success.php is loaded, else login.php is loaded.

the login.php page loads
success.php has links to files that are within the secured directory. I want to be able to open/download/view them by selecting hyperlinks. But I am prompted to enter the username / password for .htaccess

What I want to do is when the user logs in successfully (with the validate.php page) I want to also allow access to the secured folder by hardcoding a username and password that is in the .htpasswd file.

If a user tries to open a file directly it will prompt for the username and password in the .htpasswd file.


Hope this makes more sense?!

kindest regards.
 
it should be possible to encode64 the password and username and send it thru the URL.

How secure it is, is another matter though..
I don't have any examples of this flying around, as I never did it myself, but I read in the technical specifications of htaccess that it is possible.

Olav Alexander Mjelde
Admin & Webmaster
 
When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. If you don't like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. You can also send the username and password (unencrypted) in the URL as follows:


however, base64 encoding should be possible, I think.

Olav Alexander Mjelde
Admin & Webmaster
 
Hmmm, it works if I pass the username:password@ in the header to the link. But this is visible and people could save it as a favorite. Need to see if I can set it in the php page. Don't think it will be possible though...
 
Looks like it isn't going to be possible. Will see if I can bypass the login or something instead and only display it if someone tried to access the file directly...

Or rather than using a hyperlink to get the file, I request the file instead and do the download automatically (as I can browse a folder / subfolder and list files without actually logging on with the .htaccess password)...

Does anyone know if this is possible?
Maybe I should post this as a new thread?

regards...
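
The idea floated in the last post (let PHP fetch the file itself instead of linking to it), sketched as an added example that is not part of the original thread. It assumes the login code sets `$_SESSION['user_id']` on success, that the files live in a `files` directory next to the script, and that the web server refuses direct requests to that directory (for instance an .htaccess there containing `Require all denied` on Apache 2.4); the names `download.php`, `FILES_DIR` and `resolve_download` are hypothetical.

```php
<?php
// download.php - added example, not code from the thread.
// Assumes validate.php sets $_SESSION['user_id'] after a successful MySQL login.
session_start();

const FILES_DIR = __DIR__ . '/files';   // hypothetical protected directory

// Map a user-supplied name to a real file inside $baseDir, or null if not allowed.
function resolve_download(string $requested, string $baseDir): ?string
{
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $name = basename($requested);
    if ($name === '' || $name[0] === '.') {
        return null;                     // never serve .htaccess / .htpasswd
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks, so confirm the result is still under the base.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Only logged-in sessions get any further.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Please log in first.');
}

// ?file[]=x would arrive as an array; treat anything but a string as empty.
$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolve_download($requested, FILES_DIR);
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}

// Stream the file as a download; no credentials ever appear in the link.
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Links on success.php would then point at `download.php?file=report.pdf` rather than at the file itself, so a direct request to the directory is still refused by the server.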
 