Authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dazer
Forum Newbie
Posts: 3
Joined: Tue Aug 06, 2002 2:17 am

Authentication

Post by dazer »

Hi.

I have a kind of weird problem. I have a portal page with a community login. The information that the user is authenticated is stored in my PHP-session. Works all fine if I stay on my portal.

Now I have some content that is outside from my scripts (like phpMyAdmin), so I can not test for my session-parameter in that content. But I want that content only delivered to the authenticated users.

I restrict access with a .htacces file, so the user has to authenticate again in the passwd-popup. Is there some way to pass my authentication information to the HTTP-authentication?

I had the following ideas (which all seem useless):

- Check authentication, if ok, do a redirect to http://user:pass@mydomain/phpmyadmin/index.php3. Useless, because you can see the passwd in the URL-field of the browser.

- Send the Authenticate Header in the Request. But how could I do that?

Mybe there is a solution outside PHP? My PHP version is something > 4.1 (don't know correctly), Apache 1.3.26.

I hope I described my problem clear enough, TIA,
dazer
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

try reading this:

http://www.php.net/manual/en/features.http-auth.php

see if it helps
User avatar
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

If it's on the same server, why couldn't you still check the session? just edit phpmyadmin to check for the correct sessions by adding an include to the top of them.
If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.
dazer
Forum Newbie
Posts: 3
Joined: Tue Aug 06, 2002 2:17 am

Post by dazer »

Hi again.

First, thank you for your help.

I know about the HTTP auth mechanism. But thats not my problem. I also know about the RFCs about that topic.
If it's on the same server, why couldn't you still check the session? just edit phpmyadmin to check for the correct sessions by adding an include to the top of them.
Ok, I could do that. But what if I want to that with other content, maybe just a directory with HTML-files? But you are right, that would work just for PHPMyAdmin. Sorry, I forgot to mention that PHPMyAdmin is just an example.
If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.
Thank you, I will look for CURL. Sending a custom request was also an idea from me earlier. But I didn't know to do that.

So, I'll try CURL, maybe that's what I'm searching for.
Post Reply