php + http authentication
Hi all, so here is my problem:
For the last few days I've been trying to duplicate the cPanel's login style..., what do I mean by this?, well, for what I understand, cPanel uses .htaccess to protect the private files, until the user logs in..., BUT you can also login through a login form....
My problem comes when I try to login using that form..., because I can't find a way, once I've determined that the username and password match (using php with the htpasswd file), to tell htaccess that the user is logged...
Do I make any sense???
If not just ask, and I will try to clarify things...
Thanks in advance!!!
Haora
No one has any thoughts on this???, I'm dying here people!!!, ANY ideas on how cPanel can make the html login form work with the htaccess???
The only thing I've found is using: login:password@myserver.com, but this approach doesn't work with IE...., what can I do???
Thanks
pickle wrote: After logging in via .htaccess file, dump your $_SESSION and $_COOKIE variables to see if they're populated.
My problem is with the other way, not after you log in via .htaccess, but after you login via a html form...., I've learned now, that you can access cookies from your .htaccess files, so what I'm doing now, is this:
- I log in from my html form, and set a cookie.
- Then, I put this in my .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_COOKIE} !^.*loggedin=1.*$
RewriteRule .*$ http://myserver.com/login.html
For what I understand, that should tell htaccess to check for the cookie and if it doesn't contain: "loggedin=1", then redirect the user, to the login form, right???
The problem is, that it isn't working, using IEWatch, I can see, that if I enter the correct log in information, and the cookie is set, I can't access the protected folders 'cause htaccess is redirecting me back to the login form....
Any ideas???
Thanks for all the replies!
Haora
feyd wrote: Why not just make this a php file? PHP can generate the "htaccess" login prompt and it can generate the HTML one too, all in the same script.
Yeah, I know, the problem, is that when I try to access an image (for instance), inside the protected directory, I should not be able to see it unless I'm logged in into the system.....
EDIT: It might be important to note that the .htaccess file is inside the directory: html, and the login form, is inside the directory, login, which is at the same level as "html", because maybe the problem is with the RewriteRule.....
feyd wrote: You can force that to happen by not allowing anyone direct linking to the images or by using a rewrite in the htaccess that runs all queries through the interface script.
How would that be?, I'm not very good with the regexps and htaccess...., right now I'm trying to specify a RewriteRule that checks if I'm in the "login" directory, so if I'm not, it redirects me back to /login/login.php.....but I can't find the right regexp...
I would really appreciate your help in this matter...
Thanks again!
Haora
Well, for anyone who is interested or has a similar problem, I will post the solution I found:

The .htaccess file, would look something like this:
Options +FollowSymLinks
RewriteEngine On
# Only apply to requests under the secured folder
RewriteCond %{REQUEST_URI} .*/security/secureForlder/.* [NC]
# ...that do not carry the cookie set after a successful login
RewriteCond %{HTTP_COOKIE} !^.*nameOfCookie=conditionForGrantedAccess.*$
RewriteRule .* /security/login/login.php [L]
This says:
IF you're in a secured folder AND you do not have the cookie (that should be set once you are correctly logged in) THEN redirect the user
to the login page.
Otherwise it does nothing...., that way if you entered the correct login information, and the cookie was set, you can visit any page/image/file inside the secured folders...
One more thing, the ".htaccess" file is inside the "security" folder, and as you can see, the "login" folder is not secured....
Well, thanks for all the help, and hopefully this will be useful for someone else some day....
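
The rewrite rules in this thread only test whether the request carries a cookie with a fixed value, and a cookie value is whatever the client chooses to send. As an added example (not code from the thread), the PHP below issues a cookie value that carries an expiry and an HMAC, so the server can tell values it issued from made-up ones; the cookie name, lifetime, user name and key handling are assumptions, and the check has to run in a PHP script that protected requests are rewritten to, because a RewriteCond pattern cannot verify a MAC.

```php
<?php
// Added example, not code from the thread.
// Cookie name, lifetime and key source are assumptions.

const COOKIE_NAME = 'auth';   // hypothetical cookie name
const TOKEN_TTL   = 1800;     // seconds a login stays valid (assumed)

// Build "user|expiry|mac": the MAC binds user and expiry to a server-side key.
function issue_token(string $user, string $key, int $now): string
{
    // rawurlencode() keeps a '|' in the user name from breaking the format.
    $payload = rawurlencode($user) . '|' . ($now + TOKEN_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the user name if the token is authentic and unexpired, else null.
function verify_token(string $token, string $key, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    return rawurldecode($user);
}

// Constructed demonstration. In a deployment the key is a fixed secret
// loaded from configuration stored outside the web root.
$key   = random_bytes(32);
$now   = time();
$token = issue_token('alice', $key, $now);

var_dump(verify_token($token, $key, $now));                  // token issued above
var_dump(verify_token('alice|9999999999|1', $key, $now));    // value made up by a client
var_dump(verify_token($token, $key, $now + TOKEN_TTL + 1));  // same token after expiry
```

In login.php the token would be sent with setcookie() under COOKIE_NAME with the httponly and secure options, and the script that serves files from the secured folder would call verify_token() on $_COOKIE[COOKIE_NAME] before sending anything.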