I want to use htaccess for authentication on my php site since I only have a
few users who need access to secure areas. So, I created a new directory
off public_html (secretDocs) and in that directory there is a .htaccess file
that looks like this:
AuthType Basic
AuthName "someuser"
AuthUserFile "/home/mydirectory/.htpasswds/secretDocs/passwd"
require valid-user
If a user tries to go directly to the url - http://www.mysite.com/secretDocs/ - he will get a prompt for
username/password. But I want to use an SSL encrypted page with a form to
accept username/password and then redirect the user to the secure area if
the credentials are valid (otherwise send to a "login failed" page). So the
user goes to the login page first, enters credentials, then is redirected to
the secure page/directory.
Is there a way to forward the credentials entered on the form to htaccess?
Any suggestions welcome! Thanks in advance. 9  37728 
> Is there a way to forward the credentials entered on the form to htaccess?
I read somewhere that you should be able to send like this: http://username:pa******@www.website...curedirectory/
I could not get it to work on my site...
If it did work, I'm wondering if I do this from the SSL page if it would be
more secure?
> I read somewhere that you should be able to send like this: http://username:pa******@www.website...curedirectory/
I could not get it to work on my site...
It has been desactivated (since IE6 i think remembering) as it
was a security risk as the password could be read in server logs.
Michael Fesser wrote: .oO(deko)
Is there a way to forward the credentials entered on the form to htaccess?
I read somewhere that you should be able to send like this:
http://username:pa******@www.website...curedirectory/
Username and password are not allowed in HTTP URLs.
Micha
IIS (latest versions) will simply strip out the username and password
data, making this solution impossible, but other servers, including
apache 1.3.x, will still cooperate fully.
but: although it's possible, it's still pretty insecure!!
sadara
.oO(Sadara) IIS (latest versions) will simply strip out the username and password
data, making this solution impossible, but other servers, including
apache 1.3.x, will still cooperate fully.
Yep, but I wouldn't rely on it. Even if widely used and probably working
on many servers it's explicitly not allowed by RFC.
but: although it's possible, it's still pretty insecure!!
Insecure and unreliable.
Micha
> Insecure and unreliable.
yep, that's for sure. If you can recommend a basic php authentication
script, please let me know.
Carved in mystic runes upon the very living rock, the last words of deko
of comp.lang.php make plain: If a user tries to go directly to the url -
http://www.mysite.com/secretDocs/ - he will get a prompt for
username/password. But I want to use an SSL encrypted page with a
form to accept username/password and then redirect the user to the
secure area if the credentials are valid (otherwise send to a "login
failed" page). So the user goes to the login page first, enters
credentials, then is redirected to the secure page/directory.
Is there a way to forward the credentials entered on the form to
htaccess?
When your browser requests a page that's behind http authentication, the
server returns a 401. The browser then looks to see if it has a user name
and password for that realm. If it does, it re-sends the request with the
u/p attached; if it doesn't, you get the little popup asking for them.
So, basically what you're asking is if there's a way to have a PHP script
capture the u/p and have the browser know them thereafter. Unfortunately,
there is no way. If the PHP script captures the auth info, it thereafter
has to be responsible for controlling access.
--
Alan Little
Phorm PHP Form Processor http://www.phorm.com/
> When your browser requests a page that's behind http authentication, the server returns a 401. The browser then looks to see if it has a user name
and password for that realm. If it does, it re-sends the request with the
u/p attached; if it doesn't, you get the little popup asking for them.
So, basically what you're asking is if there's a way to have a PHP script
capture the u/p and have the browser know them thereafter. Unfortunately,
there is no way. If the PHP script captures the auth info, it thereafter
has to be responsible for controlling access.
Thanks for the clear explanation. I've begun my search for a PHP
authentication script. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: j-marvin |
last post by:
hi-
i am going through the process of password protecting a directory using
..htaccess and .htpasswd
i am experiencing difficulty. so my question is without making life
anymore difficult is if the webhost already has a password protected
directory option is this secure enough? i dont need password protection
at
the directory level and...
|
by: Lobang Trader |
last post by:
Hi all,
I am trying to create a username and a password class.
I would like to know what are the RECOMMENDED minimum and maximum length
for both fields?
These fields will be something like this:
private static final int DEFAULT_MINIMUM_LENGTH = ??????
|
by: john brown |
last post by:
There is a web page that I access frequently and would like to
automate the authentication of the username and password. I would
like to user a perl script but I'm not really sure about the steps.
If someone could point me in the right direction. I don't know if
it's this simple but wouldn't it just be a matter of using the LWP
module. ...
|
by: Joey Edelstein |
last post by:
Hi,
We are trying to add a Client Certificate support for our web app that
emulates a hardware device web app.
The hardware uses a 2 factors authentication, which requires a Web
Service client to send: Client Certificate and Username / password.
We are using a Web Service provider which uses IIS 5.1 as HTTP server.
IIS is set to require...
|
by: Noel Volin |
last post by:
Anyone who can help here is much appreciated. I am trying to
programmatically log onto a website. I am using the code provided in VS for
the AuthenticationManager Class example (
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemNetAuthenticationManagerClassTopic.htm
). I have also download and tried to use the following...
| | |
by: thoducng |
last post by:
I am writing some code to access share folder on a remote network.
DirectoryInfo dicInfo = new DirectoryInfo("remoteNetwork\shareFolder");
if (dicInfo.Exists)
{
//application code followed
|
by: Cecil |
last post by:
Does this make sense for a logon table:
CREATE TABLE Logon
(
ID INT NOT NULL IDENTITY PRIMARY KEY,
name VARCHAR(15) NOT NULL,
password VARCHAR(15) NOT NULL
)
GO
CREATE UNIQUE INDEX IX_Logon_Name ON Logon(name)
|
by: nemo |
last post by:
I've included a list of username/password combinations in the
Web.Config file and I've a simple aspx page with a username and
password field for the users to log in. While the password field seems
to be case sensitive, the username field is not. How can I force the
username field to be case sensitive, i.e. match exactly what I have on
the...
|
by: minhtran |
last post by:
Hi All
Anyone knows how to code(ASP.NET, C#,VB.NET) as to send username and password to Proxy Server required to reach web page (That means you code as programming automatically get web page without enter username password again, cause of your coding has username and password "Our server asks username and password for external communication")....
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
