Aaron and I have discussed this offline. He has a PHP front-end running on one server which he is using to control access to pages on another server (the target). He wants the front-end code to collect and check the user's credentials, then request an appropriate URL from the target and relay the result back to the client. This is a reverse proxy arrangement.
However, the pages on his target are password-protected, so he has to send the credentials in the URL. I recently looked at the same problem. I couldn't see how to get the standard apache proxy to send the credentials across, so I wrote my own proxy in PHP. It's not very pretty and it's slow, but it does the trick. The only difficult bit is sending the credentials. HTTP expects the password in base64 encoding. SECURITY WARNING: This code uses a hard-coded user-name and password, which begs the question of where they would come from in the real world. You could collect them via a form, but then they will be sent to the PHP script as arguments and so the password will be visible in the URL box of the browser window. (Any better suggestions?) This is part of a bigger project, so I have to edit the code for publication, and I haven't checked it. Let's hope my fingers are working properly tonight. I have put the code onto the end of this note. I would welcome any feedback. Simon > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: 14 January 2002 17:41 > To: [EMAIL PROTECTED] > Subject: [PHP] apache authentication > > > Hi, > > I am using the Nusphere application server with apache user directories. > I have several protected user > directories that are of different realms. When a user logs into the > 'secure area' i would like to send them > to pages contained in a secure directory but pass the encoded user:pass > in the URL as to avoid the pop-up > apache authentication dialogue. Is this possible and how do i achieve > this? > > TIA, > > Aaron Lake > Programmer/Analyst > Kvaerner Chemetics > A Division of Kvaerner Canada Inc > (604) 730 4206 ------------------------- proxy.php------------------------------- <HTML> <HEAD> <TITLE>Login</TITLE> </HEAD> <BODY> <?php // Simple PHP reverse proxy. Takes a URL as argument and accesses // that URL from a specified remote web server. Need to pass // user name and password, so need to use raw HTML requests, // typically something like: // // GET /userpages/foo/index.html // Authorization: Basic <B64> // Host:intra.local.sys // <blank line> // // where <B64> is authName:authPassword in base 64 form. The PHP // manual entry for fsockopen(0 advises you to put CR chars at the // end of each line as well as LFs. // // Copyright 2002 Simon Ritchie, Merrow Internet Services // (www.merrowinternet.com) $server = "intra.local.sys"; $authName = "foo"; // In a real application, you would $authPassword = "bar"; // get these from somewhere. $cred = $authName . ":" . $authPassword; $b64cred = base64_encode($cred); $req1 = "GET /" . $URL . " HTTP:/1.1\r\n"; $req2 = "Authorization: Basic " . $b64cred . "\r\n"; $req3 = "Host:" . $server . "\r\n"; $intra = fsockopen($server, 80) or die("cannot access " . $server); if (strlen($cred) > 0) { // send authenticated request fputs($intra, $req1); fputs($intra, $req2); fputs($intra, $req3); fputs($intra, "\r\n"); } else { // send anonymous request fputs($intra, $req1); fputs($intra, $req3); fputs($intra, "\r\n"); } // the server returns a set of headers, a blank lines separator // and the HTML page. This PHP code will send appropriate // headers back to the client, so here we just want to print // the HTML page. $text = fgets($intra, 4096); while (!feof($intra)) { // eat headers until ... $text = fgets($intra, 4096); if (strcmp($text, "\n") == 0 || strcmp($text, "\r\n") == 0) { // ... blank line break; } } while (!feof($intra)) { // present the rest $text = fgets($intra, 4096); echo($text); } exit; ?> </BODY> </HTML> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
