I have a directory 'admin' that has been .htaccess'ed off. Ie, If you
point your browser at that directory, you will be prompted with an HTTP
authentication dialog. Nothing special about PHP or MySQL there. I like
the security that .htaccess and Apache give me.
Now, I have users in a MySQL table with md5 passwords stored for each.
These users use an HTML form to log in to my site. Some of these users
are admin users. When these admin users log in, I'd like them to have
access to the 'admin' directory without being prompted with the HTTP
authentication dialog. Is there anyway to use PHP to tell Apache that a
user has been authenticated and that it need not throw up the HTTP
In case any of the foregoing is unclear, here's the process I want:
1. A non-authenticated user tries to access the directory 'admin', so
Apache tosses up the HTTP authentication dialog. If they enter their
user name and password, they will be admitted (done without PHP or
MySQL, .htaccess and a passwd file).
2. A non-admin user authenticates with my HTML form, then they try to
hit the 'admin' directory. The same thing happens as above.
3. An admin user authenticates with my HTML form, PHP tells Apache that
this user has been authenticated. Then the user goes to the 'admin'
directory, and is admitted without any other authentication.
So, another question: To solve this problem from a different angle, is
there a way to have Apache's .htaccess specify SQL to determine a user's
credentials? Ie, when they visit the 'admin' directory, Apache could
look up their record in the user table and determine if they are an
Sorry for the long explanation, but I wanted to make sure I was clear as
this is a little bit of a funky request.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php