I'm using an apache server on Linux (Red Hat) and the cgi php module. It is possible to password protect pages and directories in apache without going through php (although it doesn't use a database).
Is it possible to use php to log someone into the apache auth setup?
What I mean is, I need to be able to check the username and password of a specific user in a mysql database, but I don't want to check it everytime any page is accessed. I'd much rather check it once then just set apache to let the user into a specific directory, and serve out regular html pages (in the belief that it will be faster than the cgi php module). I don't want to do simple javascript cookie checking because that is too easy to hack.
Is there a way to do this or am I stuck running everything through the cgi php, and checking the database at every page access?
Is it even worth it (will it use less server resourses, be faster, etc?)?
Thanks.
password protection without a php page?
Moderator: General Moderators
RE: password protection without PHP
I would just use the PHP apache module instead of the CGI version and make use of PHP's built-in session-tracking. You won't need to do user validation for each subsequent page if you're using this. You'll register a session on the initial login, register any session variables then and there, and at the top of each subsequent page, just run a quick "yes, this user has an active session" check before loading the page. In your case, I would think this to be preferrable since you're already using PHP for the initial authentication anyway... This really won't incur a significant performance hit...
-Ryan
-Ryan
RE: password protection without a PHP page
I think I've found what yer lookin' fer, cap'n...
Chapter 17. HTTP authentication with PHP -- in the PHP manual...
-Ryan
Chapter 17. HTTP authentication with PHP -- in the PHP manual...
-Ryan
Unfortunately I cannot change the server configuration. It is a shared server and they use the cgi version of php (and like hundreds of other things like chilisoft asp, miva, etc). I would love to use the apache module for many reasons (like setting the ini vars using htaccess files instead of setting them in the script everytime using set_ini()).
Anyway, would the HTTP authentication be faster than using php session vars with the cgi version of php?
Thanks again.
Anyway, would the HTTP authentication be faster than using php session vars with the cgi version of php?
Thanks again.