Page 1 of 1

using PHP with .htaccess files.

Posted: Thu Jun 20, 2002 1:51 pm
by ToddF
Here is my question. It involves using PHP and apache's .htaccess files.

What I basically want to know is, how do I redirect a bas user after a failed Authentication attempt.

Example:
One PHP script checks to see if $PHP_AUTH_USER is set and if not calls
header( sprintf("WWW-authenticate: basic realm=\"%s\"", $g_auth_realm ));
header( "HTTP/1.0 401 Unauthorized" );

to get them to provide a username and password. Now, how to I check that against the .htaccess and .htpasswd files I have in a subdirectory below the script.

The way I have it working now is that I check to see if $PHP_AUTH_USER is set, and if it is, I send them to the page that is a directory down behind the .htaccess file. Working that way, if they are an invalid user, they are prompted again, if they hit cancel, they get the 401 page. I want to give them a custom error message instead of the generic 401 page.

Any ideas on how to avoid the 401 page?

Posted: Thu Jun 20, 2002 1:58 pm
by jason
Actually, that is something you would set in httpd.conf for Apache, though I also believe you can set it in a .htaccess file. I imagine it works like a 404 file.

Just a question, what are you using .htaccess for? Why not use PHP? Nothing wrong with the way you are doing it...just curious. What is the use for a signup area like this?

Posted: Thu Jun 20, 2002 2:04 pm
by ToddF
jason wrote:Actually, that is something you would set in httpd.conf for Apache, though I also believe you can set it in a .htaccess file. I imagine it works like a 404 file.
I don't want to replace the default 401 for the entire site, just for this one case.
I've looked over the .htaccess documentation, and I can't find a way to define a place to send the user if the authentication fails.
jason wrote:Just a question, what are you using .htaccess for? Why not use PHP? Nothing wrong with the way you are doing it...just curious. What is the use for a signup area like this?
I would rather just do it in php and oracle, but I have to do it with .htaccess instead. Not my decision, just my problem. *sigh*

Posted: Thu Jun 20, 2002 2:20 pm
by jason
Did a little searching for this.

http://httpd.apache.org/docs-2.0/misc/c ... rdocs.html

This appears to be what you want :?: It shows how to define the 401 page just for that particular directory.

Posted: Thu Jun 20, 2002 2:20 pm
by twigletmac
You could have a 'smart' 401 error page that can detect where the error is coming from and display the page you want it to.

Mac

Posted: Thu Jun 20, 2002 2:56 pm
by ToddF
Thanks.

It's pretty simple.

You just add a line to the .htaccess file.

Sorry for bothering.