I don't think the process is an extra step at all. In fact, it's just a
trade off using one or the other. You can either login using php and a
database backend or just authenticate using .htaccess directives.
In my case (a few months back) what I was trying to do was offer up a
single login page for 500 or so different companies each having their own
directory on my server. Each directory is password protected via
.htaccess. They would all login using my php interface which would in turn
check the username and password for matching. Their database record would
also contain the URL to their directory on my server. After logging in I
tried to use a header call containing the username, password and URL but
it never quite worked although you can actually do it in the address bar
of the browser with ease. Theoretically it should work like a charm but I
never got the chance to investigate any further because I was rushed off
to the next "Big Project."
Ed
On Mon, 3 Feb 2003, Chris Shiflett wrote:
> > There is a way to supposedly do this by authenticating
> > a username and password through php first through such
> > methods as database lookups and then passing the
> > username and password through $PHP_AUTH_USER and
> > $PHP_AUTH_PW using the header() command to point to the
> > URL of the .htaccess protected directory but I have
> > never gotten it to work myself.
>
> The variables $PHP_AUTH_USER and $PHP_AUTH_PW are available
> to you when the user authenticates via HTTP basic
> authentication. Thus, the user has already had to type in
> the username and password into a separate window, which is
> what the original poster is trying to avoid.
>
> To then send the user to another URL and supply the
> authentication credentials in the URL itself just creates
> an unnecessary step.
>
> > There isnt any PHP pages directed towards teh directory
> > itself. Its is just a hard link to the protected areas.
> > Are there any functions that support it?
> >
> > Im googling now ;)
>
> I'm still having a bit of trouble interpreting your
> question, so Google might have a hard time, too. :-)
>
> If you are protecting static resources such as images and
> HTML files with your Web server currently, the only way to
> protect these with PHP is to store them outside of the
> document root (so that your Web server cannot serve them
> directly) and serve them with PHP (using
> header("Content-Type: whatever")) once you have determined
> whether the user should be allowed to access the particular
> resource.
>
> Hopefully that can help refine your search.
>
> Chris
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
