473,388 Members | 1,032 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,388 software developers and data experts.

How to bypass the .htaccess popup dialog

Hello!

A part of my website is protected with a .htaccess file. Can I somehow
bypass the username/password dialog ??
Can I somehow "hardcode" the authentication name and password in my php-file
or can I use for example a html form/mysql authentication and at the same
time set some variables or headers (or something) so the user can access the
..htaccess part ? A stupid example: if user presses a button, user gets
transferred to the protected site without the popup-dialog ?

Thanks!!

Marko
Jul 17 '05 #1
1 13147
>A part of my website is protected with a .htaccess file. Can I somehow
bypass the username/password dialog ??
Delete the .htaccess file?
Can I somehow "hardcode" the authentication name and password in my php-file
or can I use for example a html form/mysql authentication and at the same
time set some variables or headers (or something) so the user can access the
.htaccess part ? A stupid example: if user presses a button, user gets
transferred to the protected site without the popup-dialog ?


You can put the username and password in the URL. (
http://kittyporn:se************@kitt...with_cats.jpeg )
This makes your security slightly worse than a bag of money in the
front yard of a bank with a flashing neon sign on it "Thou Shalt
Not Steal, Please", since the username and password go through the
user's browser.

A more secure alternative, assuming you can modify the protected
content section, is to use sessions. The unprotected page sets a
session variable allowing access, and the protected page checks for
it INSTEAD of using the .htaccess file. Of course, you have to
make sure the unprotected page only allows access when it should.
Be sure that sessions eventually expire so a user who posts the
session cookie won't let unauthorized users in for very long.

Another technique that may be used in combination with the above
is that protected content (especially images) is stored outside the
document tree and is OUTPUT only when access is granted (which can
eliminate things like unauthorized deep linking and/or passwords
showing up in browsers). For example, if access is granted, output
a header "Content-type: image/jpeg", a blank line, and call readfile()
on the image file which is kept OUTSIDE the document tree so there's
no URL to get it directly. If access is not granted, output an
error message or an ad for access.

Gordon L. Burditt
Jul 17 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: deko | last post by:
Can I use PHP and htaccess to authenticate users? My service provider lets me password protect directories on my web site - using htaccess. If a user tries to access a page within a password...
3
by: Phil | last post by:
Does anyone know if a modeless dialog box can be made to stay open when the parent window is closed? Maybe something to do with disabling the parent/owner? I basically need to have a popup...
1
by: dibyendu_k | last post by:
Hi, There is a problem i cant solve regarding Internet Explorer 5.5. It is regarding the Print Dialog Box. From a webpage if I open a popup window (window.open()) containing buttons Print and...
4
by: Jean | last post by:
Hi everyone, I was hoping somebody could assist me in this issue. I am quite a newbie to ODBC connections and was struggling to search for related topics. Here is my situation: I have a...
2
by: steggun | last post by:
How To: Popup Confirmation Dialog & Redirect in LinkButton_OnClick Hello All, I have a ASP.NET 2.0 (C#) web form with a LinkButton control. In the server-side code for the LinkButton_OnClick...
4
by: Macbane | last post by:
Hi, I have a 'main' form called frmIssues which has a subform control (named linkIssuesDrug) containing the subform sfrmLink_Issues_Drugs. A control button on the main form opens a pop-up form...
1
by: Nosferatum | last post by:
Is it possible to make a custom php-form to log in to a protected folder with .htaccess/htpasswd? (Just wonder if it's possible to avoid the ugly standard server popup- login form).
3
by: ApexData | last post by:
I am using code from the following links to establish a Browse File and Browse Folder dialog. http://www.mvps.org/access/api/api0001.htm http://www.mvps.org/access/api/api0002.htm This code...
3
by: Mike Hofer | last post by:
Okay, here's the situation: we want to be able to display ASPX pages in an UpdatePanel. The reasons for this are performance related. The site in development uses *lots* of modal popups from some...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.