--- "Horatio B. Bogbindero" <[EMAIL PROTECTED]> wrote:
> > 
> > Thanks Sir.. But i think this would mean that it's my
> > page that's causing apache authentication.. the
> > situation is there's a separate page not in my control
> > that is htaccess-protected. i cannot touch that page.
> > what i hope to achieve is, i want to have access to
> > that page without the user entering the username and
> > password at the dialog box. Instead, i will supply the
> > uname/pword to that page via some means
> > (get/post/cookies/etc) so the box will not appear to
> > ask for it anymore but instead, apache can take those
> > pair i send and authenticate it right away. 
> >
> oic. sorry for the misunderstanding. i thought you were
> also in control of that page.
>  
> > is that possible?
> > 
> well, i have not tried this out personally. but, you can
> experiment with my theory and share with PLUG the results of
> your endeavor.
> 
> the idea: what you can do is that from the PHP page you
> control modify the session variables PHP_AUTH_USER and
> PHP_AUTH_PWD into the values you assigned. this will not
> be seen by the users. having set this, apache will not
> authenticate anymore. IN THEORY.
> 
> a better idea would be to control the site yourself. this
> method is very messy and is prone to security loopholes.
> 
> > perhaps a corollary question to the above is: how does
> > apache determine that you have been authenticated? I
> > notice that once you are logged in, subsequent visits to
> > the page don't cause it to ask for pword again. How
> > does it store info that you have logged in successfully
> > before? perhaps knowing this, i can do similarly and
> > trick apache into thinking my user is already
> > authenticated.
> > 
> > any ideas?
> > 
> >  
> > 
> > 
> > --- "Horatio B. Bogbindero" <[EMAIL PROTECTED]> wrote:
> > > > 
> > > > I appreciate private responses to this if deemed too
> > > > OT for public post.
> > > > 
> > > > i have a site controlled by php sessions that requires
> > > > the user to login. Once logged in, certain types of
> > > > users will find a link to another page that is
> > > > protected by htaccess. If they click on it, apache
> > > > will prompt them for a uname/password; apache htaccess
> > > > authentication in this case uses a password table
> > > > synchronized with what my php login page uses.
> > > > 
> > > > I find logging in twice not so neat.
> > > > 
> > > > Is there a way I can supply the username/password to
> > > > that htaccess-protected page so that apache's box will
> > > > not appear? Like, supplying the uname/pass pair via
> > > > GET or POST or cookies or however? Note that the php
> > > > login combination is the same as what apache expects.
> > > > 
> > > > I would have included that page as part of my php site
> > > > but i just don't have control over that page.
> > > > 
> > > <?php
> > >   // Relies on register_globals to expose $PHP_AUTH_USER, $SeenBefore and $OldAuth.
> > >   function authenticate()  {
> > >     // The realm value is a quoted-string, so it takes double quotes.
> > >     Header( "WWW-authenticate:  basic realm=\"Test Authentication System\"");
> > >     Header( "HTTP/1.0 401 Unauthorized");
> > >     echo "You must enter a valid login ID and password to access this resource\n";
> > >     exit;
> > >   }
> > > 
> > >   if(!isset($PHP_AUTH_USER)  || ($SeenBefore == 1 && !strcmp($OldAuth,$PHP_AUTH_USER))  )  {
> > >     authenticate();
> > >   }
> > >   else {
> > >     echo "Welcome:  $PHP_AUTH_USER<BR>";
> > >     echo "Old:  $OldAuth";
> > >     echo "<FORM ACTION=\"$PHP_SELF\" METHOD=POST>\n";
> > >     echo "<INPUT TYPE=HIDDEN NAME=\"SeenBefore\" VALUE=\"1\">\n";
> > >     echo "<INPUT TYPE=HIDDEN NAME=\"OldAuth\" VALUE=\"$PHP_AUTH_USER\">\n";
> > >     echo "<INPUT TYPE=Submit VALUE=\"Re Authenticate\">\n";
> > >     echo "</FORM>\n";
> > >   }
> > > ?>
> > > 
> > > this will simply check if the user is already
> > > authenticated. if not it will force the user to authenticate.
> > > 
> > > i hope this is what you need.
> > > 
> > > 
> > > _
> > > Philippine Linux Users Group. Web site and archives
> > > at http://plug.linux.org.ph
> > > To leave: send "unsubscribe" in the body to
> > [EMAIL PROTECTED]
> > 
> > 
> > 
> 
>  
> ---------------------
> [EMAIL PROTECTED]
>  
> Life is like a tin of sardines.
> We're, all of us, looking for the key.
>               -- Beyond the Fringe
>  
> 
> 



_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
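
On the corollary question quoted in this message (how the server knows a visitor has already authenticated), the following is an added example, not code from the thread or from Apache: it models how HTTP Basic authentication is decided from each request's `Authorization` header alone, with the browser re-sending that header on later requests. The `HTPASSWD` table, the function names and the SHA-256 hashing are assumptions made to keep the sketch standard-library only.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a password file: user -> SHA-256 hex of the password.
# (Assumption for illustration; real htpasswd files use other hash formats.)
HTPASSWD = {"alice": hashlib.sha256(b"s3cret").hexdigest()}
REALM = "Test Authentication System"


def check_request(headers):
    """Decide one request from its own headers only: (status, headers, user)."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return 401, challenge, None          # no credentials: browser shows the dialog
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return 401, challenge, None          # malformed token
    user, sep, password = decoded.partition(":")
    expected = HTPASSWD.get(user)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if not sep or expected is None or not hmac.compare_digest(expected, supplied):
        return 401, challenge, None          # unknown user or wrong password
    return 200, {}, user


def basic_header(user, password):
    """What the browser builds after the dialog and re-sends on every later request."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return {"Authorization": "Basic " + token}


def demo():
    """Statuses for: no header, valid header, and a PHP session cookie alone."""
    first = check_request({})
    second = check_request(basic_header("alice", "s3cret"))
    third = check_request({"Cookie": "PHPSESSID=constructed-value"})
    return first[0], second[0], third[0]


if __name__ == "__main__":
    print(demo())
```

Because the header is only base64-encoded and travels with every request, the protected site needs TLS, and the credentials should not be placed in URLs or hidden form fields where they end up in logs and page source.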
