Using Post with Forms and PHP 2

[webwingit]

I have a table in my PHP page and when I use the POST action to another PHP page the [REMOTE_USER] variable get dropped out of the $_SERVER[] array. Can someone tell me why this happens? Both pages are located in a protected directory. I am using the [REMOTE_USER] to identify the current user and limit what he can see on the page. There is no ($PHP_AUTH_USER)that I can find within $_SERVER[] to use either. I have temporarily gotten around the problem by using the GET action instead of POST within FORMs which does not modify the $_SERVER

 

[sleipnir214]

What web server are you using, and how are you protecting it?
______________________________________________________________________
TANSTAAFL!

 

[webwingit]

It is Linux/Apache and I am protecting with .htaccess. Hope this answers the q?

 

[sleipnir214]

Can I see your .htaccess file?

I can't reproduce your error. ______________________________________________________________________
TANSTAAFL!

 

[webwingit]

ok, I have never done that before nor know how to look at it. Can you tell my how and I will do it. Thanks. As you can probably tell I am new at this.

 

[sleipnir214]

If you can't look at your .htaccess file, how did you create it? ______________________________________________________________________
TANSTAAFL!

 

[webwingit]

The site manager software on my website has a protect option where i fill out the user name and password. it creates the .htaccess file in the protected directory. I can search and find out how to read it. Thought it might be easier if you knew. I will go look and find out how to read it and post it now

 

[sleipnir214]

Here's one possibility:

If the authentication requirements in .htaccess are set per access method, it is possible in Apache to have GET-method input be protected by password and POST-method input to be not.

Here's an example .htaccess file that could do that:
<Limit GET>
AuthType Basic
AuthName &quot;protected&quot;
AuthUserFile /path/to/.htpasswd
Require valid-user
</Limit>

The above .htaccess file protects only GET-method input. POST-method goes right in without the user agent's providing any authentication credentials. And if no authentication credentials are supplied, then $_SERVER[REMOTE_USER] will not be set.

Normally, you protect all methods at the same time:

AuthType Basic
AuthName &quot;protected&quot;
AuthUserFile /path/to/.htpasswd
Require valid-user
______________________________________________________________________
TANSTAAFL!

 

[webwingit]

Here is my .htaccess file

AuthUserFile /

http://www/drhelm/learnphp//.htpasswd

AuthGroupFile /dev/null
AuthName Protected
AuthType Basic
<Limit GET>
require valid-user
</Limit>

 

[webwingit]

you are very helpful. If I just eliminated the LIMIT tag from my file, would that solve the problem, or would it cause me anymore problems?

 

[webwingit]

Also why would they not protect the POST method?

 

[danielhozac]

You have two possiblities to fix your problem. Either remove the

<Limit GET>

and

</Limit>

or change

<Limit GET>

to

<Limit GET POST>

//Daniel

 

[webwingit]

thanks for your help sleipnr and daniel, I will try that. You guys are great.

 

[sleipnir214]

I can think of no good reason why your hosting provider would only protect GET method access.

They might not even know about the problem. I recommend you bring it up with your hosting provider. ______________________________________________________________________
TANSTAAFL!