using this method for a production environment is incredibly vulnerable. Just think of having a link on that page to some other site (or even having a third-party banner displayed) on which there is a hit counter (and on 90% there are) those can simply read the link in their logs.
Never ever use it if security is of a minimum importance or you're completely sure you know what you do. -- Maxim Maletsky [EMAIL PROTECTED] On Tue, 5 Nov 2002 02:04:52 +0100 "silver" <[EMAIL PROTECTED]> wrote: > hi - I'm not quite sure if this will help you, but lets give it a try: > > you could use this URL syntax: > http://user:password@;www.site.com to automatically log your user in to the > htaccess protected area. the bad thing about it is that user / password show > up in the URL, but you could hide this information with using frames... > are PHP/MySQL usernames + passwords the same like in Apache/HTTP? > > greets, > _andi > > > > > > > "Phillip Erskine" <[EMAIL PROTECTED]> schrieb im Newsbeitrag > news:F13i7M4BAyxJMXehYSo00004e46@;hotmail.com... > > > > I have a site that uses PHP/MySQL authentication for one section and > > Apache/HTTP authentication for another. Eventually I would like to use > only > > PHP and MySQL for authenticating users, but in the meantime, I have to use > > both. > > > > First, users will log in to the main section of the site and I will use > PHP > > session variables to maintain state for that section. What I would like > to > > be able to do is allow users to click a link that would redirect them to > the > > other section of the site and automatically log them in. > > > > The section of the site that users will be redirected to uses .htaccess > and > > .htpassword files to enforce HTTP authentication. > > > > Is this possible? If so, how? > > > > > > ========================= > > http://www.pverskine.com/ > > > > > > > > > > _________________________________________________________________ > > Protect your PC - get McAfee.com VirusScan Online > > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
