Thanks Sir.. But i think this would mean that it's my
page that's causing apache authentication.. the
situation is there's a separate page not in my control
that is htaccess-protected. i cannot touch that page.
what i hope to achieve is, i want to have access to
that page without the user entering the username and
password at the dialog box. Instead, i will supply the
uname/pword to that page via some means
(get/post/cookies/etc) so the box will not appear to
ask for it anymore but instead, apache can take those
pair i send and authenticate it right away.
is that possible?
perhaps a corollary question to the above is: how does
apache determine that you have been authenticated? I
notice that once you are logged, subsequent visits to
the page doesnt cause it to ask for pword again. How
does it store info that you have logged successfully
before? perhaps knowing this, i can do similarly and
trick apache into thinking my user is already
authenticated.
any ideas?
--- "Horatio B. Bogbindero" <[EMAIL PROTECTED]>
wrote:
> >
> > I appreciate private responses to this if deemed
> too
> > OT for public post.
> >
> > i have a site controlled by php sessions that
> requires
> > the user to login. Once logged in, certain types
> of
> > users will find a link to another page that is
> > protected by htaccess. If they click on it, apache
> > will prompt them for a uname/password; apache
> htaccess
> > authentication in this case uses a password table
> > synchronized with what my php login page uses.
> >
> > I find logging in twice not so neat.
> >
> > Is there a way I can supply the username/password
> to
> > that htaccess-protected page so that apache's box
> will
> > not appear? Like, supplying the uname/pass pair
> via
> > GET or POST or cookies or however? Note that the
> php
> > login combination is same with what apache
> expects.
> >
> > I would have included that page as part of my php
> site
> > but i just dont have control over that page.
> >
> <?php
> function authenticate() {
> Header( "WWW-authenticate: basic realm='Test
> Authentication System'");
> Header( "HTTP/1.0 401 Unauthorized");
> echo "You must enter a valid login ID and
> password to access this resource\n";
> exit;
> }
>
> if(!isset($PHP_AUTH_USER) || ($SeenBefore == 1 &&
> !strcmp($OldAuth,$PHP_AUTH_USER)) ) {
> authenticate();
> }
> else {
> echo "Welcome: $PHP_AUTH_USER<BR>";
> echo "Old: $OldAuth";
> echo "<FORM ACTION=\"$PHP_SELF\"
> METHOD=POST>\n";
> echo "<INPUT TYPE=HIDDEN NAME=\"SeenBefore\"
> VALUE=\"1\">\n";
> echo "<INPUT TYPE=HIDDEN NAME=\"OldAuth\"
> VALUE=\"$PHP_AUTH_USER\">\n";
> echo "<INPUT TYPE=Submit VALUE=\"Re
> Authenticate\">\n";
> echo "</FORM>\n"; }
> ?>
>
> this will simply check if the user is already
> authenticated. if not it
> will force the user to authenticate.
>
> i hope this is what you need.
>
>
> _
> Philippine Linux Users Group. Web site and archives
> at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
