Page 1 of 1

Authentication

Posted: Tue Aug 06, 2002 2:17 am
by dazer
Hi.

I have a kind of weird problem. I have a portal page with a community login. The information that the user is authenticated is stored in my PHP-session. Works all fine if I stay on my portal.

Now I have some content that is outside from my scripts (like phpMyAdmin), so I can not test for my session-parameter in that content. But I want that content only delivered to the authenticated users.

I restrict access with a .htacces file, so the user has to authenticate again in the passwd-popup. Is there some way to pass my authentication information to the HTTP-authentication?

I had the following ideas (which all seem useless):

- Check authentication, if ok, do a redirect to http://user:pass@mydomain/phpmyadmin/index.php3. Useless, because you can see the passwd in the URL-field of the browser.

- Send the Authenticate Header in the Request. But how could I do that?

Mybe there is a solution outside PHP? My PHP version is something > 4.1 (don't know correctly), Apache 1.3.26.

I hope I described my problem clear enough, TIA,
dazer

Posted: Tue Aug 06, 2002 9:23 am
by hob_goblin
try reading this:

http://www.php.net/manual/en/features.http-auth.php

see if it helps

Posted: Tue Aug 06, 2002 9:56 am
by llimllib
If it's on the same server, why couldn't you still check the session? just edit phpmyadmin to check for the correct sessions by adding an include to the top of them.
If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.

Posted: Tue Aug 06, 2002 12:42 pm
by dazer
Hi again.

First, thank you for your help.

I know about the HTTP auth mechanism. But thats not my problem. I also know about the RFCs about that topic.
If it's on the same server, why couldn't you still check the session? just edit phpmyadmin to check for the correct sessions by adding an include to the top of them.
Ok, I could do that. But what if I want to that with other content, maybe just a directory with HTML-files? But you are right, that would work just for PHPMyAdmin. Sorry, I forgot to mention that PHPMyAdmin is just an example.
If that doesn't suit you, you can try using the CURL library to send a custom request to phpmyadmin with the authenticate header in it.
Thank you, I will look for CURL. Sending a custom request was also an idea from me earlier. But I didn't know to do that.

So, I'll try CURL, maybe that's what I'm searching for.