using PHP with .htaccess files.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ToddF
Forum Newbie
Posts: 3
Joined: Thu Jun 20, 2002 1:51 pm

using PHP with .htaccess files.

Post by ToddF »

Here is my question. It involves using PHP and apache's .htaccess files.

What I basically want to know is, how do I redirect a bas user after a failed Authentication attempt.

Example:
One PHP script checks to see if $PHP_AUTH_USER is set and if not calls
header( sprintf("WWW-authenticate: basic realm=\"%s\"", $g_auth_realm ));
header( "HTTP/1.0 401 Unauthorized" );

to get them to provide a username and password. Now, how to I check that against the .htaccess and .htpasswd files I have in a subdirectory below the script.

The way I have it working now is that I check to see if $PHP_AUTH_USER is set, and if it is, I send them to the page that is a directory down behind the .htaccess file. Working that way, if they are an invalid user, they are prompted again, if they hit cancel, they get the 401 page. I want to give them a custom error message instead of the generic 401 page.

Any ideas on how to avoid the 401 page?
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

Actually, that is something you would set in httpd.conf for Apache, though I also believe you can set it in a .htaccess file. I imagine it works like a 404 file.

Just a question, what are you using .htaccess for? Why not use PHP? Nothing wrong with the way you are doing it...just curious. What is the use for a signup area like this?
ToddF
Forum Newbie
Posts: 3
Joined: Thu Jun 20, 2002 1:51 pm

Post by ToddF »

jason wrote:Actually, that is something you would set in httpd.conf for Apache, though I also believe you can set it in a .htaccess file. I imagine it works like a 404 file.
I don't want to replace the default 401 for the entire site, just for this one case.
I've looked over the .htaccess documentation, and I can't find a way to define a place to send the user if the authentication fails.
jason wrote:Just a question, what are you using .htaccess for? Why not use PHP? Nothing wrong with the way you are doing it...just curious. What is the use for a signup area like this?
I would rather just do it in php and oracle, but I have to do it with .htaccess instead. Not my decision, just my problem. *sigh*
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

Did a little searching for this.

http://httpd.apache.org/docs-2.0/misc/c ... rdocs.html

This appears to be what you want :?: It shows how to define the 401 page just for that particular directory.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You could have a 'smart' 401 error page that can detect where the error is coming from and display the page you want it to.

Mac
ToddF
Forum Newbie
Posts: 3
Joined: Thu Jun 20, 2002 1:51 pm

Post by ToddF »

Thanks.

It's pretty simple.

You just add a line to the .htaccess file.

Sorry for bothering.
Post Reply