php HTTP authorize without prompt box
Moderator: General Moderators
php HTTP authorize without prompt box
Hi!
I wonder if there is a posibillity to authorize user (using something like HTTP authorization) to view secured folder without to type username and password into prompt box.
e.g.: On server I have folder which require authorization. I also have some script lik login.php (outhiside restricted folder ofcourse). Now I would like do something like that:
if($_POST["user"]="bla bla" && $_POST["pass"]=="bla bla"){
authorize_user_for_restricted_folder("username", "password");
}
One simple way to do this is open url like http://user:pass@domainname.com with user/pass but it than - it bothers me as browser is telling me that i will authorize.
Someone know good solution?
p.s. something like getfile.php?file=img.jpg wouldn't go in my case.
I wonder if there is a posibillity to authorize user (using something like HTTP authorization) to view secured folder without to type username and password into prompt box.
e.g.: On server I have folder which require authorization. I also have some script lik login.php (outhiside restricted folder ofcourse). Now I would like do something like that:
if($_POST["user"]="bla bla" && $_POST["pass"]=="bla bla"){
authorize_user_for_restricted_folder("username", "password");
}
One simple way to do this is open url like http://user:pass@domainname.com with user/pass but it than - it bothers me as browser is telling me that i will authorize.
Someone know good solution?
p.s. something like getfile.php?file=img.jpg wouldn't go in my case.
Hi again!
I agree that it is not the safest way but in my example it is the best - no matter how funny this sounds
Script now works cool on Firefox but I have problems on IE.
I have found up that urls with username and password don't work in IE:
e.g. http://user:pass@www.page.com/password_proteded_folder/index.html
And becouse of this... my script is worthless ... Someone knows how could i fix this problem?
Is there isn't possibility to set username and password using header()?
I agree that it is not the safest way but in my example it is the best - no matter how funny this sounds
Script now works cool on Firefox but I have problems on IE.
I have found up that urls with username and password don't work in IE:
e.g. http://user:pass@www.page.com/password_proteded_folder/index.html
And becouse of this... my script is worthless ... Someone knows how could i fix this problem?
Is there isn't possibility to set username and password using header()?
The feature to place usernames and password in the URL was disabled for security reasons. This is so insecure that it puzzles me that you even think about using something like this.
Here is an example
you log in your admin with http://user:pass@mydomain.com
after surfing the site he goes directly to:
hisfavouritepornsite.com
now the referer shows up in the logs of hisfavouritepornsite.com and guess what it shows:
http://user:pass@mydomain.com
and you now have at least one admin to be able to log into your admin section which you probably want to avoid by all costs.
Here is an example
you log in your admin with http://user:pass@mydomain.com
after surfing the site he goes directly to:
hisfavouritepornsite.com
now the referer shows up in the logs of hisfavouritepornsite.com and guess what it shows:
http://user:pass@mydomain.com
and you now have at least one admin to be able to log into your admin section which you probably want to avoid by all costs.