By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,821 Members | 1,260 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,821 IT Pros & Developers. It's quick & easy.

HTTP-auth workaround

P: n/a
I'm looking for a way to force basic http autentication from within a PHP
script.

Here's the situation:

I have an exisiting system that first authenticates people via the aMemberPro
package. In the "old days", aMemberPro then moved the user to a page inside a
directory protected with .htaccess basic authentication. It used the URL
format http://name:pa******@server.directory.page.html. When the IE6 update
came out, this syntax no longer worked.

As a workaround, the "name:password@" was removed. Now, users have to login to
the aMemberPro page then login again to the protected content of the website.

I have access to the userid and password. Is there a way that I can set things
up right before the user is redirected to the server/directory/page.html
inside the protected directory so the web server's authentication will be
satisifed and the user will not be prompted again for userid/password?

I've tried plugging values for $_SERVER[remote_user], but I still get prompted
by the server for userid/password.

Thanks for any suggestions.
Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Steven Stern wrote:
Here's the situation:

I have an exisiting system that first authenticates people via the aMemberPro
package. In the "old days", aMemberPro then moved the user to a page inside a
directory protected with .htaccess basic authentication. It used the URL
format http://name:pa******@server.directory.page.html. When the IE6 update
came out, this syntax no longer worked.

As a workaround, the "name:password@" was removed. Now, users have to login to
the aMemberPro page then login again to the protected content of the website.

I have access to the userid and password. Is there a way that I can set things
up right before the user is redirected to the server/directory/page.html
inside the protected directory so the web server's authentication will be
satisifed and the user will not be prompted again for userid/password?

I've tried plugging values for $_SERVER[remote_user], but I still get prompted
by the server for userid/password.

Thanks for any suggestions.


One possibility is not to actually direct over there. Use a wrapper
script to get the page content and display it based on the user/pass
already used.

For instance, write a script that does something like:

readfile('http://'.$username.':'.***********@www.example.com/dir/file.html');

So what you'd do is redirect to this page, get the user/pass, add it to
the above line, and end the script. If you want the user to click
through links in the pages there, your best bet is to have them just log
in a second time...

Hmm... a better solution is to use the Basic Auth as the login in the
first place, even if you want to use PHP to do it:

http://us2.php.net/features.http-auth

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.
Jul 17 '05 #2

P: n/a
On Tue, 27 Apr 2004 18:25:45 GMT (more or less), Justin Koivisto
<sp**@koivi.com> wrote:
Hmm... a better solution is to use the Basic Auth as the login in the
first place, even if you want to use PHP to do it:

http://us2.php.net/features.http-auth


That's where I started. I may yet wind up re-writing things so I get the
id/psw, check it against aMember's database, then go on with the http-auth
login. My hope is that I can do this with the minumum modification to
existing code. It's a website I inherited and I don't have a complete
understanding (yet) of how the aMember system works.
Jul 17 '05 #3

P: n/a
Steven Stern wrote:
I'm looking for a way to force basic http autentication from within a PHP
script.


And here it is
http://www.php.net/manual/en/features.http-auth.php
Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.