At 23.04.2002  09:52, you wrote:
>I have one directory that is protected with an .htaccess file on my server
>where I store all member content. What I want to do is have a page where
>members can log in, and after they have entered there user name and password
>I what the php script to authenticate them against the .htaccess file. If
>they are authenticated I would like to keep track of that as one of there
>session variables, so that they do not have to re-authenticate when they try
>to access content in the protected directory. Essentially what I am trying
>to do is give them access to the .htaccess protected based from a "submit
>form". Instead of requiring that they get the standard user name and
>password pop up window that one gets when you try to access a directory that
>is password protected on Apache.

Why do you want to make such a hassle ??
If you auth via Apache, then it´s a secure thing, as these vals where put 
If you want people to access a hidden directory or a .htyccess closed dir,
you´ll send their user/pw combination plaintext, unless you use https.
Also, if they auth´ed one time, the browser will remember the data, until
it is closed. The auth-popup will be shown in the browsers language.

If you want apache, to get scripts or data from a "secured" directory, 
forget it
or include the apache user in the .htpasswd, but that´s not a good idea.

HTH Oliver

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to