Hi all, I have the following script that (in theory) would work:
<? function authenticate() { header("WWW-Authenticate: Basic realm=\"Member Area\""); header("HTTP/1.0 401 Unauthorized"); print("You must enter a valid login username and password to access this resource.\n"); exit; } if (!isset($PHP_AUTH_USER)) { authenticate(); } else { $c = mysql_pconnect("localhost","XXXXX","XXXXX"); mysql_select_db("httpauth",$c); $q=sprintf("SELECT username, password FROM login_table WHERE username='%s' AND password='%s'", $PHP_AUTH_USER,$PHP_AUTH_PW); $q=mysql_query($q); if (mysql_num_rows($q) == 0 ) { authenticate(); } // Open or create the .htpasswd file - store the username and a fake password $handle = fopen ("/path/to/file/.htpasswd", "a+"); // .htpasswd format is: USERNAME:PASSWORD $clean = rand(0,9999999999); $fake_password = crypt($clean,substr($clean,0,2)); $string = "$PHP_AUTH_USER:$fake_password\n"; fwrite($handle, $string); fclose($handle); // print "You are logged in as: $PHP_AUTH_USER with password $PHP_AUTH_PW - FAKE IS: $fake_password"; $url = "http://$PHP_AUTH_USER:$clean@server/member/index.php"; header ("Content-Location: $url"); } ?> So here is the basics: The user authenticates using http auth against a MySQL database - if the username and password is corrent then a NEW entry is created in a .htpasswd file - this file contains the username along with an unknown password. Why? To prevent people from posting passwords... (we can monitor the number of logins from the PHP script). If I make a Location: username:password@server/ then it simply fails :( However if I make a metatag with a refresh (GET) to the same url then it works just fine. Am I missing something? Or? Your input and help is appreciated - please answer to this email as well :-) Thanks in advance Regards -- Lasse Laursen <[EMAIL PROTECTED]> - Systems Developer NetGroup A/S, St. Kongensgade 40H, DK-1264 København K, Denmark Phone: +45 3370 1526 - Fax: +45 3313 0066 - Web: www.netgroup.dk - Don't be fooled by cheap finnish imitations ; BSD is the One True Code -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php