User authentication using db when new user added
Posted: Fri Aug 01, 2008 3:25 pm
I'm attempting to implement user authentication using HTTP on an apache server (that isn't my own). The plan is that if a user successfully authenticates, they're directed from a page outside the restricted folder to one that is. I've made appropriate .htaccess files to restrict directories, and .htpasswd files to allow users in. From the many examples out there, I understand calling
header('WWW-Authenticate...
header('HTTP...
, grabbing the $_SERVER['PHP_AUTH_... variables, and comparing those against the username/password combinations in a database. What I don't understand, and haven't seen addressed, though, is this: what happens when a new user needs to be added? It's easy to add a new username/password to the database, but getting to an HTTP-restricted page also requires that the new username/password combination be in the appropriate .htpasswd file. If that's the case, it seems like I need to update .htpasswd every time I add a new user, which seems to defeat the purpose of using a database in the first place. Is there something I'm missing?
Thank you in advance for your time.
header('WWW-Authenticate...
header('HTTP...
, grabbing the $_SERVER['PHP_AUTH_... variables, and comparing those against the username/password combinations in a database. What I don't understand, and haven't seen addressed, though, is this: what happens when a new user needs to be added? It's easy to add a new username/password to the database, but getting to an HTTP-restricted page also requires that the new username/password combination be in the appropriate .htpasswd file. If that's the case, it seems like I need to update .htpasswd every time I add a new user, which seems to defeat the purpose of using a database in the first place. Is there something I'm missing?
Thank you in advance for your time.