Hi, SVN features a mixed authentication/anonymous access (see http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir.ex-3).
I want to achieve the same functionality using a PHP script: allow anonymous access until accessing some special content and than request authentification which should be checked according to a htaccess-file.
As far as i understand the SVN example the authentification is performed by the Apache modules. I configured the ".htaccess" file to look similar: Order allow,deny Allow from all AuthType Basic AuthName "Realm" AuthUserFile "/path/to/.htusers" require valid-user Satisfy any Additionally a PHP script is inside the same folder. When you now browse to the URL of the PHP script, you can access it without any credentials requested. At some point the PHP script "decides" that authentification is required (e.g. when passing a param like "?need-auth=1"). I suppose this is similar to how the mixed authentication/anonymous access in SVN works (?). Therefore it sends the following two headers: WWW-Authenticate: Basic realm="Realm" HTTP/1.x 401 Unauthorized Then the user is asked to insert username/password for the basic auth. But now comes the problem: The apache will ALWAYS let the user pass as anonymous access is always granted. I suppose the webserver does not even try to authenticate the user credentials. Therefore it is not possible to decide in PHP if the user is anonymous or has been successfully authenticated. How is this performed in SVN for the mixed authentication/anonymous access? What i do not want is: - check the credentials in PHP (due to the many different auth-methods which could be configured with Apache) - have a dummy anonymous user like "guest" with password "guest" - split anonymous and authenticated parts in separate folders (to use separate .htaccess-files) I hope to get some enlightenment from the way SVN realizes this feature. Any feedback is highly appreciated. Thank you Dirk
