html login box with .htaccess password file?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ramstein
Forum Newbie
Posts: 6
Joined: Mon Jul 03, 2006 7:44 pm
Location: SD, CA

html login box with .htaccess password file?

Post by ramstein »

I currently have an .htaccess password protected directory with an external .pwd file

I need to make a generic login/password box on an html page for the login instead of the default brower login popup.

Is this even possible? It needs to be secure as well.

Any written tutorials on this?


I checked this, but this seems too complex for what im trying to do.
viewtopic.php?t=38810

and found this but its not complete.
viewtopic.php?t=46159&highlight=htaccess+login


this is my current htaccess

Code: Select all

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
require valid-user
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthType Basic
AuthName name
AuthUserFile /path/filename.pwd
AuthGroupFile /path/filename.grp
Thank you!
-rami
ramstein
Forum Newbie
Posts: 6
Joined: Mon Jul 03, 2006 7:44 pm
Location: SD, CA

Post by ramstein »

can anyone help me out on this? thanks.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

This is not possible. At least, not the way it is right now.

Your first link is unrelated to the problem at hand. The second link is an interesting implementation that is tragically flawed and should not be used.

What you'll want to do is find out how to use url rewriting to force everything through a PHP script that will handle the appropriate authorization (as Feyd suggested in the second link but was not heeded.)
Post Reply