Apache authentication
Posted: Thu Apr 15, 2004 11:25 pm
Here is what I am used to doing:
1 - Show the user a form, asking login and password.
2 - Validate login and pass in the database.
3 - Redirect the user to the protected dir (.htaccess+.htpasswd) with the login and pass in the URL (http://user:pass@www.mysite.com/protecteddir/), so that he doesn't get prompted for password again.
The problem is that IE doesn't support sending user:pass on the URL anymore. How can I redirect the user to a protected dir without displaying the login box?
I could do the other way around:
1 - Redirect the user to a protected dir
or
1 - Send headers to the user to force the login box to appear
2 - Use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to validate the user on the database.
But this solution is not acceptable. I must not use the browser's login box. I must use my form to authenticate him. And this solution would only work if the user:pass in the database were the same as the one in htpasswd, which is not the case.
Basically I need a workaround for this IE patch. I must somehow tell IE the user:pass it must use to access the protected dir.
1 - Show the user a form, asking login and password.
2 - Validate login and pass in the database.
3 - Redirect the user to the protected dir (.htaccess+.htpasswd) with the login and pass in the URL (http://user:pass@www.mysite.com/protecteddir/), so that he doesn't get prompted for password again.
The problem is that IE doesn't support sending user:pass on the URL anymore. How can I redirect the user to a protected dir without displaying the login box?
I could do the other way around:
1 - Redirect the user to a protected dir
or
1 - Send headers to the user to force the login box to appear
2 - Use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to validate the user on the database.
But this solution is not acceptable. I must not use the browser's login box. I must use my form to authenticate him. And this solution would only work if the user:pass in the database were the same as the one in htpasswd, which is not the case.
Basically I need a workaround for this IE patch. I must somehow tell IE the user:pass it must use to access the protected dir.