Here is what I am used to doing:
1 - Show the user a form, asking login and password.
2 - Validate login and pass in the database.
3 - Redirect the user to the protected dir (.htaccess+.htpasswd) with the login and pass in the URL (http://user:pass@www.mysite.com/protecteddir/), so that he doesn't get prompted for password again.
The problem is that IE doesn't support sending user:pass on the URL anymore. How can I redirect the user to a protected dir without displaying the login box?
I could do the other way around:
1 - Redirect the user to a protected dir
or
1 - Send headers to the user to force the login box to appear
2 - Use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to validate the user on the database.
But this solution is not acceptable. I must not use the browser's login box. I must use my form to authenticate him. And this solution would only work if the user:pass in the database were the same as the one in htpasswd, which is not the case.
Basically I need a workaround for this IE patch. I must somehow tell IE the user:pass it must use to access the protected dir.
Apache authentication
Moderator: General Moderators
-
Illusionist
- Forum Regular
- Posts: 903
- Joined: Mon Jan 12, 2004 9:32 pm
- Pyrite
- Forum Regular
- Posts: 769
- Joined: Tue Sep 23, 2003 11:07 pm
- Location: The Republic of Texas
- Contact:
I'm just saying he can do all that he wants without php/mysql/html needed.
http://www.apacheweek.com/features/userauth
http://www.apacheweek.com/features/userauth
-
acerola2000
- Forum Newbie
- Posts: 4
- Joined: Thu Apr 15, 2004 11:25 pm
No, I can't do all I want without php/mysql.
- I must check the username:password against the one stored in the database.
- I must log the logins.
- I must keep track of who is online.
- The username:password in the database is not the same as the one in htpasswd.
- The browser's login box must not pop-up. I must use my own form to log the user in.
- I must check the username:password against the one stored in the database.
- I must log the logins.
- I must keep track of who is online.
- The username:password in the database is not the same as the one in htpasswd.
- The browser's login box must not pop-up. I must use my own form to log the user in.
-
acerola2000
- Forum Newbie
- Posts: 4
- Joined: Thu Apr 15, 2004 11:25 pm
I think you are mistaken. Apache does not keep track of the session. The login:pass is sent every time by the browser to apache. I have never heard of apache sessions. Only php sessions.Pyrite wrote:If you use Apache's .htaccess methods, the user only has to login once, and Apache keeps track of their session.
-
acerola2000
- Forum Newbie
- Posts: 4
- Joined: Thu Apr 15, 2004 11:25 pm
To simplify what I want:
I must somehow redirect the user to a htpasswd protected dir without showing him the login:pass box. The same way I could before with:
http://login:pass@www.mysite.com/protecteddir/
I must somehow redirect the user to a htpasswd protected dir without showing him the login:pass box. The same way I could before with:
http://login:pass@www.mysite.com/protecteddir/