.htaccess protect directory inline php form validation

Can I protect a directory using .htaccess but instead of having the browser dialog box popup, I would like to use php to server a web page. I want to prevent a ugly browser dialog box showing up, but still have the benefits of the basic authentication protecting everything within a directory.

Any thoughts on how to do this?


Use PHP to write ALLOW lines into (and out of!) your htaccess file.

Thanks for your response, but I am not quite sure how to do that. Can you elaborate on this:

“Use PHP to write ALLOW lines into (and out of!) your htaccess file.”

an HTACCESS file is just another text file, as far as your OS is concerned.
DENY FROM ALL, then when someone logs into your website, save the session info to a database (for checking when it expires), and write a ALLOW FROM [IP address] into the htaccess file.
When the entry expires, remove the line from the file.
(You might also want to redirect your 403 page to your login form)

That is a really interesting approach. Could I do this on a per user basis instead of IP. I know basic is not that secure but writing an ip to the .htaccess files seems even less secure.

For example once the user is authenticated they then behind the scenes, are then again authenticated a second time with a single .htaccess username & password. This would be the same for all users, but I would not want them to have to enter a username and password again and they would now be allowed to enter the password protected directory. I prefer not to use http://username@password:somedomain.com.

To my knowledge there’s no way to do this, as the basic-HTACCESS authentication is a client-side system for storing the authentication credentials, rather than server-side (which PHP operates on). I know you can do it the other way around (force PHP to use an HTTP authorization). One of the gurus might come along and tell me i’m wrong, but as far as i know that’s the way it goes.

Thank you for the explanation. So there really is no way to password protect files in a directory using an .htaccess file without getting prompted with a dialog box.

I saw this article I am going to give this a try:


I also saw there is a mod_auth_mysql but that still gives me the dialog box.

I also heard html 5 might support http authentication with forms?

If anyone has any suggestions please let me know.