Hi.
I have a kind of weird problem. I have a portal page with a community login. The information that the user is authenticated is stored in my PHP-session. Works all fine if I stay on my portal.
Now I have some content that is outside from my scripts (like phpMyAdmin), so I can not test for my session-parameter in that content. But I want that content only delivered to the authenticated users.
I restrict access with a .htacces file, so the user has to authenticate again in the passwd-popup. Is there some way to pass my authentication information to the HTTP-authentication?
I had the following ideas (which all seem useless):
- Check authentication, if ok, do a redirect to http://user:pass@mydomain/phpmyadmin/index.php3. Useless, because you can see the passwd in the URL-field of the browser.
- Send the Authenticate Header in the Request. But how could I do that?
Mybe there is a solution outside PHP? My PHP version is something > 4.1 (don't know correctly), Apache 1.3.26.
I hope I described my problem clear enough, TIA,
dazer
Authentication
Moderator: General Moderators
- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
- Contact:
If it's on the same server, why couldn't you still check the session? just edit phpmyadmin to check for the correct sessions by adding an include to the top of them.
If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.
If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.
Hi again.
First, thank you for your help.
So, I'll try CURL, maybe that's what I'm searching for.
First, thank you for your help.
I know about the HTTP auth mechanism. But thats not my problem. I also know about the RFCs about that topic.
Ok, I could do that. But what if I want to that with other content, maybe just a directory with HTML-files? But you are right, that would work just for PHPMyAdmin. Sorry, I forgot to mention that PHPMyAdmin is just an example.If it's on the same server, why couldn't you still check the session? just edit phpmyadmin to check for the correct sessions by adding an include to the top of them.
Thank you, I will look for CURL. Sending a custom request was also an idea from me earlier. But I didn't know to do that.If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.
So, I'll try CURL, maybe that's what I'm searching for.