*** Troot wrote/escribió (18 May 2005 10:02:19 -0700):
The flash bit doesn't really matter, I'll just use that to post/get
variables to php. I know theres a variable in php called $AUTH_USER_PW
(or something like that). What I'm wondering is if I can do something
like this:
<?php
$_SERVER['PHP_AUTH_USER']=$some_variable _passed_in;
$_SERVER['PHP_AUTH_PW']=$some_other_va riable_passed_i n;
?>
Alright, apparently you're using HTTP authentication. This has nothing to
do with HTTPS/SSL, which is merely an encrypted channel for sensitive
information. This is how it works:
1) User asks for a document.
2) Server software checks if credentials are needed.
2.1) If not needed: page is served.
2.2) If needed: server software checks whether credentials were provided
in request headers.
2.2.1) If provided and username+passwo rd are valid: page is served
2.2.2) Else "auth required" message is returned to browser
Browsers handle HTTP auth internally: that means that if a browser gets the
"auth required" message it will *always* display a dialog for user enter
them. This is the key point.
Why? Because Apache itself will only create the PHP_AUTH_* variables if
browser sends credentials. And browser only sends credentials if entered in
its built-in dialog. You cannot use a custom HTML form (or Flash form).
Alternatives? You can use your own server software (that's it, a custom PHP
script rather than letting the task to Apache). The only issue is that this
system won't allow you to access anything that's not PHP: images,
stylesheets, PDFs... To make it worse, if the PHP script itself is
protected by Apache then it won't work: browser will always prompt user.
I guess 'maybe' you can share password files between your ISP's system and
yours, but you probably must write your own system to use them.
--
-- Álvaro G. Vicario - Burgos, Spain
--
http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--
