Goetz Lohmann wrote:
> [EMAIL PROTECTED] wrote:
> 
>>I don't think the process is an extra step at all. In fact, it's just a
>>trade off using one or the other. You can either login using php and a
>>database backend or just authenticate using .htaccess directives.
>>
> 
> <snip>
> 
> 
>>On Mon, 3 Feb 2003, Chris Shiflett wrote:
>>
>>
>>
>>>>There is a way to supposedly do this by authenticating
>>>>a username and password through php first through such
>>>>methods as database lookups and then passing the
>>>>username and password through $PHP_AUTH_USER and
>>>>$PHP_AUTH_PW using the header() command to point to the
>>>>URL of the .htaccess protected directory but I have
>>>>never gotten it to work myself.
>>>
>>>The variables $PHP_AUTH_USER and $PHP_AUTH_PW are available
>>>to you when the user authenticates via HTTP basic
>>>authentication. Thus, the user has already had to type in
>>>the username and password into a separate window, which is
>>>what the original poster is trying to avoid.
>>>
>>>To then send the user to another URL and supply the
>>>authentication credentials in the URL itself just creates
>>>an unnecessary step.
>>>
>>>
> 
> <snip>
> 
> In fact you could combine .htaccess AND $PHP_AUTH because it's
> all depending on Apache. Apache is looking for the variables
> AUTH_USER and AUTH_PW ... not PHP ... PHP just sends this via
> header() and the Apache result is copied to PHP_AUTH.
> 
> That way you could use a PHP file to build the login page
> and an .htaccess file to define the restrictions
> 
> use something like
> 
> <FilesMatch "\.(gif|jpe?g|png|htm|html)$">
>   require valid-user
> </FilesMatch>
> 
> to restrict access to the specified files and note that the
> data of the .htpasswd must be the same as the user/password
> definitions of the database. Maybe you might use mod_auth_db
> instead of mod_auth.
> With <FilesMatch> instead of <Limit> you only protect files
> not the way/method how to get them. With the line above
> all .html files are protected and .php files are not.
> In combination with <DirectoryMatch> you could also make a
> special definition range ...
> 
> you only have to beware of the MD5 password ... use
> 
> <?php
>   $password=crypt($PHP_AUTH_PW,substr($PHP_AUTH_PW,0,2));
> ?>
> 
> to generate a password valid for an .htaccess file


maybe take a look at

http://www.diegonet.com/support/mod_auth_mysql.shtml

;-)


-- 
 @  Goetz Lohmann, Germany   |   Web-Developer & Sys-Admin
\/  ------------------------------------------------------
()  He's the fellow that people wonder what he does and
||  why the company needs him, until he goes on vacation.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
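
An added example, not code from the thread: one way to produce the .htpasswd entry the quoted post asks for without deriving the salt from the password itself. It assumes Apache 2.4, which accepts bcrypt ("$2y$") hashes in .htpasswd; the function names and the sample credentials are made up for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// Assumes Apache 2.4, which accepts bcrypt ("$2y$") hashes in .htpasswd.

// Build one .htpasswd line from a user name and a plaintext password.
function htpasswd_line(string $user, string $password): string
{
    // ':' separates the two fields and a newline ends the record, so
    // neither may appear in the user name.
    if ($user === '' || preg_match('/[:\r\n]/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    // password_hash() draws a random salt itself; nothing taken from the
    // password ends up readable in the stored entry.
    return $user . ':' . password_hash($password, PASSWORD_BCRYPT);
}

// Check a login against a stored line, e.g. from the PHP login page.
function htpasswd_verify(string $line, string $user, string $password): bool
{
    $parts = explode(':', rtrim($line, "\r\n"), 2);
    return count($parts) === 2
        && hash_equals($parts[0], $user)
        && password_verify($password, $parts[1]);
}

// Constructed sample credentials.
$user = 'alice';
$password = 'correct horse';

// The salt choice from the post: traditional crypt() stores its two salt
// characters at the start of the hash, so the first two characters of the
// password become readable in .htpasswd.
$legacy = crypt($password, substr($password, 0, 2));
echo 'legacy entry:   ' . $user . ':' . $legacy . "\n";
echo 'salt visible:   ' . substr($legacy, 0, 2) . "\n";

$line = htpasswd_line($user, $password);
echo 'bcrypt entry:   ' . $line . "\n";
echo 'right password: ' . var_export(htpasswd_verify($line, $user, $password), true) . "\n";
echo 'wrong password: ' . var_export(htpasswd_verify($line, $user, 'guess'), true) . "\n";
```

Traditional crypt() also ignores everything after the eighth character of the password, which is a second reason to prefer the bcrypt entry where the server supports it.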
