Login to Apache from PHP

I have a web-accessible directory that is password protected using a typical .htpasswd file. I need to keep this as is. However, I have a secondary login that is maintained via PHP and MySQL that provides user-specific access to certain database content once they’ve accessed the password-protected directory.

I’d like to avoid requiring the users to log in twice. What I’d like to do is have them log in using the PHP/MySQL setup and then log them in to the password-protected directory behind the scenes (presumably using PHP to send the common username/password to apache) before redirecting them to that directory.

Is that possible? If so, what’s the easiest way? Thanks!

Send a post request to

http://user:password@www.domain.com

Thanks for the response. How do I do this, though? I’ve spent all evening reading about a whole bunch of solutions that do way more than I need them to do, some using cURL, some not. I don’t want to actually send any data. If I just put the URL as you posted it (and with the actual user and password, of course) in my browser’s location window, it works, but when I try to POST to that same URL (with no actual fields), nothing happens. I’m sure this is simple, but again, all the examples I’m finding are beyond what I need to do, and when I remove the stuff from the code that is not applicable, it just doesn’t do anything.

To sum up again what I’m trying to do, I just want to have the user log in to the PHP/MySQL-controlled login process, have the PHP script log them in - behind the scenes - to a directory that is password protected via .htpasswd, and then redirect them to a completely different page.

Thanks again. :slight_smile:

OK, I got this to work using the following. There may be a better/more elegant way to do this, and some of these parameters may not be necessary, but it does exactly what I needed.

$url="http://username:password@mydomain.com/mydirectory/"; /* must have trailing slash */
$curl_connection = curl_init($url);
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, false);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
$result = curl_exec($curl_connection);
curl_close($curl_connection);
exit();

Thanks again for pointing me in the right direction.

I’m glad you got it working, maybe CURLAUTH would be worth a look to.


<?php
$curl = curl_init();
curl_setopt_array($curl, array(
  CURLOPT_RETURNTRANSFER  => true,
  CURLOPT_URL             => 'http://www.example.org/',
  CURLOPT_HTTPAUTH        => CURLAUTH_ANY,
  CURLOPT_USERPWD         => 'username:password'
));
$response = curl_exec($curl);

Thanks, Anthony, your way looks better and works great.

Ugh, I spoke too soon. There’s a piece that I’m missing. Say I’m logging into this URL via a PHP/MySQL user management system:

http://www.mydomain.com/mydir

After logging in, it automatically logs me into this directory, which is protected via apache/.htaccess:

http://www.mydomain.com/mydir2

Well, the login works, but it presents the content of the mydir2 page while still on the mydir page (I guess that’s what cURL is supposed to do?). But the login doesn’t “persist”. That is, if I try to click on any of the links (which all go to pages in the mydir2 directory) or even access the mydir2 page directly, I have to log in via apache again.

Any ideas on how to keep the login intact? Any help would be much appreciated. :slight_smile: