Need help with htaccess to multiple directories

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ehamburg
Forum Newbie
Posts: 4
Joined: Mon Sep 06, 2004 6:26 pm

Need help with htaccess to multiple directories

Post by ehamburg »

feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


I am a novice scripter. I am trying to create a section on my website where I can validate various clients and direct the to web page with work product for their various engagements I have with them. I downloaded the following script from hotscripts.com and can get it to work with appropriate modifications to the variables to validate to a single directory:

Code: Select all

<html>
<?php
#############################################
# PHP/Htaccess login made simple #
# #
# This script made by AvidNewmedia © 2004 #
# #
# This script will work with any htaccess #
# protected directory. It will also work #
# with CPanel access for hosting companies #
# #
#############################################

// the domain variable is where you would place
// the directory or URL that is htaccess protected.
// Make sure you DO NOT use the trailing slash, and don't include "http" in the 
// domain variable or it won't work.

#your domain or ip
$domain = "foo.com/foo";

// Get Variables and create a url
$user = $_GET['username'];
$pass = $_GET['password'];
$pre = "http://";
$goto = "$pre$user:$pass@$domain";


?>
<body onLoad="setTimeout('document.forms[0].submit();',2)">
<form action="<?=$goto?>" method="post">
<input type="hidden" name="user" value="<?=$user?>">
<input type="hidden" name="pass" value="<?=$pass?>">
<input type="hidden" name="login" value="login">
</form>
</body>
</html>
What I would like to do is have a protected directory for each of my clients based on the user entered field for their user name and then direct them to the password protected directory based on the same name. I am surmising that I should be able to do this by modifying the variable:

Code: Select all

$goto = "$pre$user:$pass@$domain";
to something like:

Code: Select all

$goto = "$pre$user:$pass@$domain/$user";
but this is not working, probably because of the syntax related to the forward slash between $domain and $user is incorrect.

In another BB it was suggested to me that the correct syntax for the above line would be:

Code: Select all

$goto = '$pre' . '$user' . ':' . '$pass' . '@' .'$domain' . '/'  . '$user';
but this produces the folowing error:

Parse error: parse error, unexpected T_STRING in /home/ehamburg/public_html/clients/phplogin.php on line 27

Please note that this code is contained is contained in a file named phplogin.php and is called from a web page with the entry form for the user ID and password with the following code:

Code: Select all

&lt;div id="layer2"&gt;
         &lt;h3&gt;Client Login&lt;/h3&gt;
        &lt;form id="FormName" action="http://www.foo.com/foo/phplogin.php" method="get" name="Client Login"&gt;
        &lt;label&gt;User ID:  &lt;/label&gt;&lt;input type="text" name="textfieldName" size="20"&gt;&lt;p&gt;
&lt;label&gt;Password: &lt;/label&gt;&lt;input type="password" name="textfieldName" size="20"&gt;&lt;/p&gt;
        &lt;p&gt;&lt;button name="Submit" type="button"&gt;submit&lt;/button&gt;&lt;/p&gt;
        &lt;/form&gt;
        &lt;/div&gt;

//
Any help in getting me pointed in the right direction is appreciated.


feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Hmmmm

Code: Select all

$goto = '$pre' . '$user' . ':' . '$pass' . '@' .'$domain' . '/'  . '$user';
Well for starters I'd try rewriting the above like this:

Code: Select all

$goto = $pre . $user.':'.$pass.'@'.$domain.'/'.$user;
And then in the form action where it says:

Code: Select all

<form action="<?=$goto?>" method="post">
try:

Code: Select all

<form action="<?echo = $goto; ?>" method="post">
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

**

Code: Select all

&lt;form action="&lt;?php echo $goto; ?&gt;" method="post"&gt;
ehamburg
Forum Newbie
Posts: 4
Joined: Mon Sep 06, 2004 6:26 pm

Post by ehamburg »

The changes:

$goto = $pre . $user.':'.$pass.'@'.$domain.'/'.$user;
and
<form action="<?php echo $goto; ?>" method="post">

are now getting me past the syntax error, but when I execute the form I get the error page from Apache:

Not Found
The requested URL /clients/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

The URL that appears in the browser at this point is http://foo/clients/

"/clients" is the directory in public_html that only contains the phplogin.php script (and does exist ... if I type the URL in manually I get a directory listing of /clients), but I am trying to get to a protected sub-directory of /clients that is the same name as the $user variable in which I have an index.html file with the particular client's information.

It doesn't seem as if the php code is constructing the full string to form the URL ...[/b][/quote]
ehamburg
Forum Newbie
Posts: 4
Joined: Mon Sep 06, 2004 6:26 pm

Figured it out

Post by ehamburg »

I got this to work by creating another variable, $subdir and assigning it the value of 'user' from the form input:

Code: Select all

$subdir = $_GET['user'];
and then constructing the URL as:

Code: Select all

$goto = $pre.$user.':'.$pass.'@'.$domain.'/'.$subdir;
Is 'username' a reserved word in php?

Thanks for the help with the syntax.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

'username' is not a reserved word last I saw.
ehamburg
Forum Newbie
Posts: 4
Joined: Mon Sep 06, 2004 6:26 pm

Post by ehamburg »

Thanks.

... but ...

this now seems to be moot. I was testing this using the Safari browser where it worked fine. I then went to a PC to test on IE when I clicked submit nothing happened. Then I tested it back on my Mac using IE and Camino and same behavior. Did some surfing and found:
http://weblogs.asp.net/cumpsd/archive/2 ... 69366.aspx
which leads me to believe that this authentication method is a) not supported under IE due to security concerns.

Is there another way to implement authentication using the scripting method I have worked out here using htaccess protected directories, or do I need to find a different, and more complex method?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

different, probably.. more complex.. not really.. we've had a few threads about authentication here on the forums.. read through a few, you may find a solution that's actually pretty simple, and more secure.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Btw, since a couple of months the protocol://user:pass@host isn't allowed anymore by IE for security reasons...
Post Reply