SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Zealot DreamDevil's Avatar
    Join Date
    Nov 2000
    Location
    Belgium
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Get in HTTP protected dir

    I've got a directory that is HTTP protected. Now I also have a login.php file where users can type there usernames and passwords.

    The pass is hashed and compared with the value in a MySQL database. All this works.
    So I have a php-page with a $username and $hashedpassword.

    When you open a file in that HTTP-protected dir. it gives you the standard HTTP-loginmessage, where you can give your username and pass.

    Now I want to give the username and password for the dir through php so that when users log in on the login.php page do not have to login with different passes in the dir.HTTPauthmessage.

    I hope it's clear

  2. #2
    Grumpy Mole Man Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can't set the HTTP authentication variables (used to authenticate with .htaccess) via an HTML form. Your best bet would be to use PHP to protext the content rather than .htaccess - I presume you set a cookie on the user's machine in your PHP system to say that they are logged in? If so you can check that cookie at the top of every page in the password protected area - if they aren't logged in display an error message telling them they have to log in to view the content.

  3. #3
    SitePoint Zealot DreamDevil's Avatar
    Join Date
    Nov 2000
    Location
    Belgium
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No in the directories are normal html files.

    But they are supposed to be viewed only by the users who have the right to view them. So no cookie

  4. #4
    Grumpy Mole Man Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So... you want to unify the logins so people don't have to enter a username and password twice? Well, if you don't want to change all of your .htaccess html files into PHP files you can always go the other way and let the .htaccess style authorisation authorise people for your PHP scripts, probvided you have PHP installed as an Apache module. Have a look in the PHP Manual under the user authentication bit, it explains how to get PHP to "read" whatever username and password a user entered in tthe .htaccess style username/password form.

  5. #5
    SitePoint Zealot DreamDevil's Avatar
    Join Date
    Nov 2000
    Location
    Belgium
    Posts
    102
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    and how do I specify usernames and passwords for certain dirs in .htaccess

    Could you give me some code to work with.

  6. #6
    Grumpy Mole Man Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Usernames and passwords for .htaccess are dealt with in the .htpasswd file. I've just realised that if you want to synchonise that with your PHP user database you will have to get the PHP to automatically re-generate the .htpasswd file whenever a user is added / deleted / changes their password. That's a lot of hassle...

    If you don't want to do that though your only option is to change your protected HTML files into PHP files and add a short bit of code at the start of each page which checks that the user is logged in.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •