HTML based auth for apache protected directories

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

HTML based auth for apache protected directories

Post by neophyte »

Has anybody successfully used a HTML based form against a password protected directory to gain authorization to the directory? (Did I say that right?) I've read tutorials on how to use the 401 unauthorized username and password prompt. But that is not what I want.

I'm thinking I want to do something like: 1)user submits username and password through html form, 2)verify username and password against .htpasswd file 3) header redirect to apache password protected directory to gain authorization to directory without the prompt.

Does anybody know what headers need to be sent to the directory? Does anybody know of a good class to handle this?

Help plz?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

There is (afaik) no way that you can tell the client which headers it should use for (following) requests...
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Check this out. I found this guy's attempt at the same. He uses XMLHttp and Javascript. This guy is attempting exactly what I was thinking about in my first post.

His explanation is here:

http://www.peej.co.uk/articles/http-aut ... forms.html

You can try it here:

http://www.peej.co.uk/sandbox/htmlhttpauth/

I don't see the form in FF2.0 on Linux. I can see the form in Konq but the submit button is broke. The author claims it works in IE 6. I got the form to come up in FF 1.5 on Linux and was able to authenticate.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You could always protect them with PHP.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

This is very true. I'm aware of how to create 401 unauthorized headers for prompts and what not. In the end, I probably will include PHP through Server Side Includes and block the door that way. That would probably be the cleanest way to do it and the least problematic.

Still, it's nice to know that if you work really hard you could actually get past those clunky browser produced prompts.
Post Reply