i am going through the process of password protecting a directory using
..htaccess and .htpasswd
Is there a function to get the user name?
Thanks 8 2511
..htpasswd is a text file. The user name's in it are not encrypted. On
each line, you'll find a username, then a colon (:), and then the
encrypted password. Assuming you can read that file, you could run a
regular expression on it to parse out the usernames.
Why do you need them? Just curious. Generally, people either do their
authentication in PHP or via .htaccess. It seems you're trying to do
some combination of the two.
phpinfo();
||
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PASS'] // not sure
--
Sat_
"mickeyg" <me**********@y ahoo.com> wrote in message news:PkVdd.6818 $Ug4.4058@trndn y01... i am going through the process of password protecting a directory using .htaccess and .htpasswd Is there a function to get the user name?
use the $_SERVER superglobal array:
$_['PHP_AUTH_USER']
When running under Apache as module doing HTTP authentication this variable is set to the username provided by the user.
$_['PHP_AUTH_PW']
When running under Apache as module doing HTTP authentication this variable is set to the password provided by the user. http://us2.php.net/manual/en/reserve...riables.server
_______________ _______________ ______
Wil Moore III, MCP | Integrations Specialist | Assistant Webmaster
mickeyg wrote: i am going through the process of password protecting a directory using .htaccess and .htpasswd Is there a function to get the user name?
The $_SERVER superglobal array /may have/ the authentication elements:
<quote src="http://pt.php.net/manual/en/reserved.variab les.php">
'PHP_AUTH_USER'
When running under Apache as module doing HTTP authentication
this variable is set to the username provided by the user.
'PHP_AUTH_PW'
When running under Apache as module doing HTTP authentication
this variable is set to the password provided by the user.
'AUTH_TYPE'
When running under Apache as module doing HTTP authenticated this
variable is set to the authentication type.
</quote>
--
USENET would be a better place if everybody read: http://www.expita.com/nomime.html http://www.netmeister.org/news/learn2quote2.html http://www.catb.org/~esr/faqs/smart-questions.html
>.htpasswd is a text file. The user name's in it are not encrypted. On each line, you'll find a username, then a colon (:), and then the encrypted password. Assuming you can read that file, you could run a regular expression on it to parse out the usernames.
I believe the OP wants the user name of the user accessing the page
this time, not all of them.
To further complicate things, there is no guarantee that the .htpasswd
file is in *THIS* directory.
Why do you need them? Just curious. Generally, people either do their authenticati on in PHP or via .htaccess. It seems you're trying to do some combination of the two.
It is perfectly reasonable to have a restricted-access page, and further
let the page use the user name of the person accessing it, for
various purposes:
- Logging who did what.
- Using preferences individual to each user.
- Granting privileges individual to each user (determined, say, from
looking in a database or even hardcoded into the script).
Sometimes it is convenient to let Apache do the authentication (browsers manage
to store authentication info so you can come back at any time without needing
sessions or other such stuff. If your security policy isn't worried about
logins with no timeouts or unattended computers, this is great.) and then
let PHP hand out individual privileges based on WHO logged in.
The authenticated user shows up in $_SERVER['REMOTE_USER'] from Apache.
PHP also puts the user in $_SERVER['PHP_AUTH_USER'] and the password
in $_SERVER['PHP_AUTH_PW'] .
Gordon L. Burditt
Thank you this is what I was looking for
Gordon,
Thanks for the info. I didn't know that the username and password
provided during the .htaccess authentication process were availible to
PHP through server variables. Thanks for explaining their use.
Gordon Burditt wrote: .htpasswd is a text file. The user name's in it are not encrypted. On each line, you'll find a username, then a colon (:), and then the encrypted password. Assuming you can read that file, you could run a regular expression on it to parse out the usernames.
I believe the OP wants the user name of the user accessing the page this time, not all of them.
To further complicate things, there is no guarantee that the .htpasswd file is in *THIS* directory.
Why do you need them? Just curious. Generally, people either do their authenticati on in PHP or via .htaccess. It seems you're trying to do some combination of the two.
It is perfectly reasonable to have a restricted-access page, and further let the page use the user name of the person accessing it, for various purposes:
- Logging who did what. - Using preferences individual to each user. - Granting privileges individual to each user (determined, say, from looking in a database or even hardcoded into the script).
Sometimes it is convenient to let Apache do the authentication (browsers manage to store authentication info so you can come back at any time without needing sessions or other such stuff. If your security policy isn't worried about logins with no timeouts or unattended computers, this is great.) and then let PHP hand out individual privileges based on WHO logged in.
The authenticated user shows up in $_SERVER['REMOTE_USER'] from Apache. PHP also puts the user in $_SERVER['PHP_AUTH_USER'] and the password in $_SERVER['PHP_AUTH_PW'] .
I like to do this for the priveleges and logging you mentioned and also peace of
mind - I know that, if I ever accidentally overwrite the .htaccess and don't
notice, nobody will be able to wander on in and screw everything up.
Shawn
--
Shawn Wilson sh***@glassgian t.com http://www.glassgiant.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Tom Loach |
last post by:
Our system administrator set up an NT server group in order to allow
our users to login to our application via https to our sql server.
The group appears as a User in SQL Server when you look at it in
Enterprise Manager. That said, I can not see the users associated
with the group from Enterprise Manager, but know they can login to the...
|
by: Technical Group |
last post by:
Friends,
Can anybody help me out by sending a piece of C# code showing how to add an
active directory user to a particular user group? If the group does not
exist, then create it.
Thanks in advance
-Hari
|
by: Andrew Chalk |
last post by:
My application attempts to connect to an SQL Server database as name ASPNET
and Login Name SERVERNAME/ASPNET in response to these commands:
SqlConnection myConnection = new SqlConnection("Data Source=(local);Initial
Catalog=MCSCRE;Integrated Security=SSPI");
myConnection.Open();
However, the user of this database is ASPNET. I can't create...
|
by: tony |
last post by:
Hello!
I just want to find out how the system find the name to set on a assembly
User control dll.
I have done this.
1. Create a user control
- Here the namespace was set by the system to WindowsControlLibrary2
- The name of the class was also set by the system to UserControl1
- The name of the assembly dll was set by the system to
|
by: Dmitry |
last post by:
I am trying to figure out how to pass set of credentials to System.IO
Challenge is:
App is running under one set of credentials, but via GUI user have a chance
to enter another set. I would like to be able to use supplied credentials
with System.IO versus using default credentials that app is running under.
So far I am forced to use WMI...
| |
by: underground |
last post by:
Hi, everyone I've been trying to figure out a way for a user to update there information. I'm using sections to identify the specific user..Here is the form
<?
include("include/session.php");
?>
<?
$username="xxxxxx";
$password="xxxxxxx";
$database="xxxxx";
|
by: Terry Olsen |
last post by:
I'm trying to add a domain user to a local group using the code below:
Dim LCL As New DirectoryEntry("WinNT://" + Environment.MachineName +
",computer")
Dim DOM As New DirectoryEntry("WinNT://us.ups.com")
Dim DOMUSR As DirectoryEntry = DOM.Children.Find("USERID", "user")
Dim LCLGRP As DirectoryEntry = LCL.Children.Find("LOCAL_GROUP",...
|
by: dgbergman |
last post by:
I have created a php login page in my site for my company. The goal is to get people into members area. Below is a list of steps that I take to create my login page in Dreamweaver CS3, can some one verify that I have built the page correct and that is nothing wrong with the code. If there is something wrong with the code is it possible to explain...
|
by: rbukkara |
last post by:
Hi,
I have got the following error while trying to add a user in the LDAP Directory.
javax.naming.NameNotFoundException: ; remaining name 'uid=vassila,ou=People,dc=cs,dc=uno,dc=edu'
I have given all the attributes which are needed, for the user, in the code and also the proper path where the user has to be added. Please have a look at my...
|
by: chromis |
last post by:
Hi,
I've been trying to implement a more OOP oriented approach to dealing with user security on one of my websites, and I am trying to validate the user against an array of roles, however I am struggling with a type error:
The argument ROLES passed to function setRoles() is not of type array.
If the component name is specified as a type...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |