Page 1 of 1
PHP with Apache authentication
Posted: Thu Feb 02, 2006 1:16 am
by farhan
Hi Guys,
I need little bit help. I have webportal in php. User normally logins under this portal through Php+Mysql
authentication module. There is a link inside this webserver1 which points to other websitewhich has simple a
apache authentication module. I want when user click webserver2 from webserver1 php should take session user
name and password and open webserver2 without prompting user name and password? I can create same user
name and password on both
webservers. Is it doable ?
Posted: Thu Feb 02, 2006 1:22 am
by josh
Since cookies cannot be shared between domains your script will have to pass the sessionID in the URL (you will have to explicitly pass this to a script that will assign the id to the user's session), you'd then have to have webserver 2 read the session data off webserver 1. Is this what you meant by "session" or did you mean http authentication? Does your PHP script maintain any other session data besides login and password?
Posted: Thu Feb 02, 2006 3:51 am
by farhan
hi jspro2,
Thanks for prompt reply. My main concern is "http authentication". I want when user login on webserver1 they dont need to give same user name
and password for webserver2. In php is there any method or function when user click webserver2 it gets session user name and password from
webserver1 and use this user name and password for webserver2 authentication.
Posted: Thu Feb 02, 2006 10:45 am
by josh
You will have to send server 2 some credentials in the link so it knows who the user really is
Posted: Thu Feb 02, 2006 5:06 pm
by farhan
Would you like be kind enough to describe how can i do that?
Farhan
Posted: Thu Feb 02, 2006 10:24 pm
by josh
If you have a database of users you can check against on both machines, just send the username and password as a hash through the get string
Code: Select all
http://server1.example/page.php?user=<?php echo $user; ?>&pass=<?php echo sha1($pass) ?>
.
Then grab that data through $_GET on the other server
Posted: Thu Feb 02, 2006 10:57 pm
by farhan
Hi jshpro2,
I have url like
http://server1/index.php which is .htpasswrd protected.
And i have user admin and password 789 for this
I tried to open this link according to your method but could not
http://server1/index.php?user=admin&pass=789
Am I doing right?
Posted: Thu Feb 02, 2006 11:12 pm
by josh
you will need a script that checks the get data and then sets the user as logged in, simply sending the credentials alone will not do it.
Posted: Thu Feb 02, 2006 11:29 pm
by farhan
Thanks for that. Basically I am a Sys admin not a programmer . Could you help me to give this script if you have or
just give some direction.
Heaps of thanks