bypassing HTTP authentication with PHP
Posted: Fri Feb 21, 2003 1:33 pm
I have a particular directory that I want to password protect to prevent accessing it by typing the path in a browser.
However, I would like to be able to let visitors of my site view the contents of the directory, but only via links on my site. Is it possible to bypass the HTTP authentication with something like this...
Code:
if($HTTP_REFERER)
{
    //set $PHP_AUTH_USER and $PHP_AUTH_PW with the correct username and password
}
else
{
    // throw up username/password box
    header('WWW-Authenticate: Basic realm="Restricted"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required';
    exit();
}
I figured that I could include something like this on the page with links to files in the protected directory to ensure that they are coming from my domain. If they are, I can set the $PHP_AUTH_USER and $PHP_AUTH_PW globals with the proper credentials and let 'em in, otherwise .htaccess would protect it from outsiders.
I think I could solve this by using access control (order, allow, deny) on the server, but I don't have access.
Anyone done something like this or have any input?
Thanks
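Added example, not part of the original post: the Referer header is supplied by the client, so one way to get "only via links on my site" is to have the linking page issue signed, expiring links and serve the files through a script, while the directory itself stays behind its .htaccess password. SECRET, PROTECTED_DIR, download.php and the f/e/s parameter names are assumptions made for this sketch, which needs PHP 7.1 or later.

```php
<?php
// Added example: signed, expiring download links instead of a Referer check.
// SECRET, PROTECTED_DIR and the f/e/s parameter names are assumptions.
const SECRET = 'replace-with-a-long-random-server-side-value';
const PROTECTED_DIR = '/home/example/protected'; // the password-protected directory

// Called by the page that lists the files: builds a link valid for $ttl seconds.
function make_link(string $file, int $ttl = 300, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $sig = hash_hmac('sha256', $file . "\n" . $expires, SECRET);
    return 'download.php?' . http_build_query(['f' => $file, 'e' => $expires, 's' => $sig]);
}

// Called by download.php: returns the real path to serve, or null to refuse.
function check_link(array $q, ?int $now = null): ?string
{
    $file = $q['f'] ?? ''; $expires = $q['e'] ?? ''; $sig = $q['s'] ?? '';
    if (!is_string($file) || !is_string($expires) || !is_string($sig)) return null;
    // Expiry must be a plain integer that has not passed yet
    if (!ctype_digit($expires) || (int)$expires < ($now ?? time())) return null;
    // Constant-time comparison of the signature over file name and expiry
    $expected = hash_hmac('sha256', $file . "\n" . $expires, SECRET);
    if (!hash_equals($expected, $sig)) return null;
    // Resolve the path and confirm it is still inside the protected directory
    $base = realpath(PROTECTED_DIR);
    $path = realpath(PROTECTED_DIR . '/' . $file);
    if ($base === false || $path === false) return null;
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) return null;
    return is_file($path) ? $path : null;
}

// download.php entry point (skipped when the file is loaded from the CLI)
if (PHP_SAPI !== 'cli') {
    $path = check_link($_GET);
    if ($path === null) {
        http_response_code(403);
        exit('Forbidden');
    }
    $name = str_replace('"', '', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

A signed link proves the site issued it, not who is using it: anyone who receives the link can fetch the file until it expires, so keep the lifetime short.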