Re: [PHP] php htaccess logins and logouts
On Fri, Nov 27, 2009 at 12:12 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: Hi all, I've got a site set up that is using an htaccess file to provide secure access to a directory. That is working fine. What I wondered was, is there a way to log out via PHP. As I understand it, the login mechanism is part of Apache, so I guess what I'm really asking is, is there a way that I can get Apache to end the 'session' that Apache has set up, using PHP? I'm sure I've seen cPanel do it, so I was wondering how easy this would be to do myself. IIRC if you unset $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] it will log you out. Cheers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php htaccess logins and logouts
Hi, IIRC if you unset $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] it will log you out. I've done some research on this in the past - and not all browsers/web servers honour that as it's the browser that keeps the username/password cached and sends it after a 401 response, so the server knows nothing about the login - i.e. 1. User visits page 1 2. Server sends 401 Unauthorised header 3. Browser does not have any login details for the realm and prompts user 4. User inputs credentials, browser re-submits the request with the credentials attached 5. User visits page 2 6. Server sends 401 Unauthorised header 7. Browser has login details for the realm and re-submits the request with the credentials attached From the conclusion I came to after my research, there is no reliable way for the server to de-authorise a login after a 401 request. There are tricks you can do on the server, such as changing the authentication realm when the user has logged out - but if the user visits the same site again the realms will match and they will be logged in. I've seen a hack which uses a cookie on the user's machine - if the user has the cookie, the correct authentication realm is returned in the authentication request. If the user doesn't have the cookie, the server sends a random realm to trick the browser into thinking it's not logged in. By the time you've done all that, you might as well just use sessions. Regards, Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php .htaccess
On 1/11/06, enediel gonzalez [EMAIL PROTECTED] wrote: Hello I've a site with a .htaccess defined, the users have to enter the login and password to get in, Is it possible on php to ask the apache server wich user is using the current session? $_SERVER['REMOTE_USER'] -robin
RE: [PHP] php .htaccess
You may want to check this list of Authentication related code examples : http://www.weberdev.com/search.php3?searchtype=categorycategory=Authenticat ionsecondary=IsSub=1 Sincerely berber Visit the Weber Sites Today, To see where PHP might take you tomorrow. PHP code examples : http://www.weberdev.com PHP Web Logs : http://www.weberblog.com/ PHP MySQL Forums : http://www.weberforums.com/ Learn PHP Playing Trivia http://www.webertrivia.com Web Development Index http://www.weberindex.com Web Templates http://www.webertemplates.com Search for PHP Code from your browser http://toolbar.weberdev.com -Original Message- From: enediel gonzalez [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 11, 2006 4:50 PM To: php-general@lists.php.net Subject: [PHP] php .htaccess Hello I've a site with a .htaccess defined, the users have to enter the login and password to get in, Is it possible on php to ask the apache server wich user is using the current session? I'd like to give the users the oportunity to change their password but without ask again who are you. Thanks in advance for any answer. Regards Enediel Linux user 300141 Debian GNU/Linux -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php .htaccess autologin
Justin Patrin [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Jas wrote: Combination of session vars and cookie vars... example... [login page] sets cookie with auth=0 (variable) sets session with auth=0 (variable) [logged in page(s)] sets cookie with auth=1 (variable -client side) sets session with auth=1 (variable -server side) hash of users password as client side var then just write a function to look on the users machine for a cookie from your site with auth=1, then if you see that present simply authenticate the user. HTH Jas Evan Nemerson wrote: On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote: I've dug around quite a bit and can't figure out how I might use PHP to handle an .htaccess login. For example, if I wanted a script to log in the user, rather than the user logging in with the standard .htaccess dialog. Any ideas? I could be wrong, but I think this would be rather client-dependent. I don't think HTTP remembers who you throughout a session- i think the headers get sent every time. My only idea from PHP would be to set the $_SERVER['PHP_AUTH_*'] stuff, but i sincerely doubt that would do anything. I just don't think there's a way to ask the browser to set that info through http. Maybe ask @ javascript forum? If you find a solution, I'd love to hear it... Since the .htaccess vars are stored in the browser, should I be looking at a PHP/JavaScritpt 1-2 punch? Thanks, Bob You could also use the PEAR::Auth package to do authentication (through a form or a .htaccess style popup). -- paperCrane Justin Patrin Hi Robert I understood that you would like to do a login doing the HTTP AUTH method. Here are some scripts: Script 1: login: ?php //if the username field or the password field has not been filled out, //then send at WWW-Authenticate header followed by a aunauthorized one if(!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_PW']){ header(WWW-Authenticate: Basic realm=\Leksjon 11\); header(HTTP/1.0 401 Unauthorized); exit; //else check if the pass/user is right }else{ $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; if($user == 'test' $pass == 'test'){ echo You were logged inn!brbra href=\go_on.php\To next file/a; }else{ //if incorrect, resend headers header(WWW-Authenticate: Basic realm=\Leksjon 11\); header(HTTP/1.0 401 Unauthorized); exit; } } ? Script 2: go_on.php : ?php //check the user/pass, if not correct, redirect if($_SERVER['PHP_AUTH_USER'] == 'test' $_SERVER['PHP_AUTH_PW'] == 'test'){ echo You're logged inn!!!; }else{ header(Location: login.php); exit; } ? I had not anymore time to write more comments, but i hope it was helpfull. Eric -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php .htaccess autologin
On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote: I've dug around quite a bit and can't figure out how I might use PHP to handle an .htaccess login. For example, if I wanted a script to log in the user, rather than the user logging in with the standard .htaccess dialog. Any ideas? I could be wrong, but I think this would be rather client-dependent. I don't think HTTP remembers who you throughout a session- i think the headers get sent every time. My only idea from PHP would be to set the $_SERVER['PHP_AUTH_*'] stuff, but i sincerely doubt that would do anything. I just don't think there's a way to ask the browser to set that info through http. Maybe ask @ javascript forum? If you find a solution, I'd love to hear it... Since the .htaccess vars are stored in the browser, should I be looking at a PHP/JavaScritpt 1-2 punch? Thanks, Bob -- Evan Nemerson [EMAIL PROTECTED] http://coeusgroup.com/en -- First they came for the Communists, and I didn't speak up, because I wasn't a Communist. Then they came for the Jews, and I didn't speak up, because I wasn't a Jew. Then they came for the Catholics, and I didn't speak up, because I was a Protestant. Then they came for me, and by that time there was no one left to speak up for me. -Martin Niemoller -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php .htaccess autologin
Combination of session vars and cookie vars... example... [login page] sets cookie with auth=0 (variable) sets session with auth=0 (variable) [logged in page(s)] sets cookie with auth=1 (variable -client side) sets session with auth=1 (variable -server side) hash of users password as client side var then just write a function to look on the users machine for a cookie from your site with auth=1, then if you see that present simply authenticate the user. HTH Jas Evan Nemerson wrote: On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote: I've dug around quite a bit and can't figure out how I might use PHP to handle an .htaccess login. For example, if I wanted a script to log in the user, rather than the user logging in with the standard .htaccess dialog. Any ideas? I could be wrong, but I think this would be rather client-dependent. I don't think HTTP remembers who you throughout a session- i think the headers get sent every time. My only idea from PHP would be to set the $_SERVER['PHP_AUTH_*'] stuff, but i sincerely doubt that would do anything. I just don't think there's a way to ask the browser to set that info through http. Maybe ask @ javascript forum? If you find a solution, I'd love to hear it... Since the .htaccess vars are stored in the browser, should I be looking at a PHP/JavaScritpt 1-2 punch? Thanks, Bob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php .htaccess autologin
Jas wrote: Combination of session vars and cookie vars... example... [login page] sets cookie with auth=0 (variable) sets session with auth=0 (variable) [logged in page(s)] sets cookie with auth=1 (variable -client side) sets session with auth=1 (variable -server side) hash of users password as client side var then just write a function to look on the users machine for a cookie from your site with auth=1, then if you see that present simply authenticate the user. HTH Jas Evan Nemerson wrote: On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote: I've dug around quite a bit and can't figure out how I might use PHP to handle an .htaccess login. For example, if I wanted a script to log in the user, rather than the user logging in with the standard .htaccess dialog. Any ideas? I could be wrong, but I think this would be rather client-dependent. I don't think HTTP remembers who you throughout a session- i think the headers get sent every time. My only idea from PHP would be to set the $_SERVER['PHP_AUTH_*'] stuff, but i sincerely doubt that would do anything. I just don't think there's a way to ask the browser to set that info through http. Maybe ask @ javascript forum? If you find a solution, I'd love to hear it... Since the .htaccess vars are stored in the browser, should I be looking at a PHP/JavaScritpt 1-2 punch? Thanks, Bob You could also use the PEAR::Auth package to do authentication (through a form or a .htaccess style popup). -- paperCrane Justin Patrin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/
Re: [PHP] php/.htaccess/.htpasswd
It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
Thus leaving the FTP account's password in view of the httpd, which is even worse... miguel On Fri, 3 May 2002, serj wrote: You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
Im not exactly sure why that is worse, could you elaborate a little? Josh On Fri, 3 May 2002, Miguel Cruz wrote: Thus leaving the FTP account's password in view of the httpd, which is even worse... miguel On Fri, 3 May 2002, serj wrote: You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
You also can't overwrite files using the fopen() method. You'd need to FTP in, then delete the file, then fopen() it.. or just do the whole thing in one FTP session (write to a temp file, upload it, erase the temp file). Mike Miguel Cruz wrote: Thus leaving the FTP account's password in view of the httpd, which is even worse... miguel On Fri, 3 May 2002, serj wrote: You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
If someone can overwrite your .htaccess there's a chance they can also view files through the same exploit (possibly). They could then get your FTP login info, and do a lot more damage than just removing password access to an area. Mike Serj wrote: Im not exactly sure why that is worse, could you elaborate a little? Josh On Fri, 3 May 2002, Miguel Cruz wrote: Thus leaving the FTP account's password in view of the httpd, which is even worse... miguel On Fri, 3 May 2002, serj wrote: You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php/.htaccess/.htpasswd
Except that the file can't exist. If it does, fopen() will cause an error. You can use ftp_connect() instead...as per the MANUAL. ---John Holmes... -Original Message- From: serj [mailto:[EMAIL PROTECTED]] Sent: Friday, May 03, 2002 5:24 PM To: Mike Eheler Cc: [EMAIL PROTECTED] Subject: Re: [PHP] php/.htaccess/.htpasswd You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
Being that the files are owned by their respective users, I would imagine that would make it pretty difficult for the .htaccess file to be overwritten, if someone found a way to overwrite the file couldn't that person overwrite any file owned by the ftp user anyway? also I don't see how someone being able to overwrite the .htaccess file would allow them to grab the ftp password, especially if this is all transmitted over ssl. I apologize, I'm not trying to start a flame war that I'm sure I'll lose. But, I am working on a script that does exactly this and if I'm doing it wrong perhaps I should begin recoding it. josh On Fri, 3 May 2002, Mike Eheler wrote: If someone can overwrite your .htaccess there's a chance they can also view files through the same exploit (possibly). They could then get your FTP login info, and do a lot more damage than just removing password access to an area. Mike Serj wrote: Im not exactly sure why that is worse, could you elaborate a little? Josh On Fri, 3 May 2002, Miguel Cruz wrote: Thus leaving the FTP account's password in view of the httpd, which is even worse... miguel On Fri, 3 May 2002, serj wrote: You could use fopen() to connect to the file via ftp therefore keeping the .htaccess file owned by the user for increased security. Josh Boughner On Fri, 3 May 2002, Mike Eheler wrote: It's possible, but is it really recommended? Wouldn't the .htaccess/.htpasswd file have to be owned by the apache user, which might leave it open to being overwritten by any kind of a weak/exploitable script? Mike Josh Valerie McCormack wrote: I've used the script phtaccess, which I think used the mentioned class. Super easy to use. Josh On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
On Wed, 1 May 2002, Kelly Meeks wrote: Is is possible to use php to admin a password file used by a .htaccess file? You should check the File_Passwd class from PEAR. http://chora.php.net/cvs.php/php4/pear/File -- Mika Tuupola http://www.appelsiini.net/~tuupola/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php/.htaccess/.htpasswd
Yes, it's certainly possible. There are classes out there that manage .htaccess permissions for you and provide a web interface to do it. The scripts will write the appropriate .htaccess files based on what you choose to do. Search hotscripts.com or phpclasses.org for one of them. The passwords are made using crypt(). So you take the users password, crypt() it, and compare it to what in the file. I would recommend you get one of the administration classes, though, rather than re-creating the wheel. ---John Holmes... - Original Message - From: Kelly Meeks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 01, 2002 2:12 PM Subject: [PHP] php/.htaccess/.htpasswd Is is possible to use php to admin a password file used by a .htaccess file? I know that sometimes it is easier/more robust to manage password protection via sessions/database, but I've got a client that wants to use a .htaccess file. How do you deal with the encryption of the passwords, etc? I appreciate any guidance, Kelly -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP HTACCESS
Hey Take a look at www.phpbuilder.com, www.devshed.com or one of they many good sites on the net. Here you will find tutorials, forums, tips etc, that you can use for increase your experiance. I also suggest books to increase your exp to... http://www.php.net/links.php for more links At 05:16 08.02.2001, you wrote: Hello Everybody, Does anybody know or have some PHP code to read the htaccess file. I have a couple of directorys protected by the htaccess htpasswd files on the Unix Apache server I use. But I want to create a webpage with input boxes to simulate the popup dialog that appears when entering the protected areas. So rather than enter the username password in the dialog I want to enter them in a webpage. Its all for looks, to give the site a user friendly asthetic look. Please help. Pretty please Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Best Regards, Christian Sakshaug -- Email: [EMAIL PROTECTED] Web: www.sakshaug.net Tel:+47 913 95 618 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP HTACCESS
hello, you can see with the following syntax : http://login:[EMAIL PROTECTED]/protecteddir/ So, the user enter the code and passwd from a PHP form, then you redirect him with this syntax. But prefer redirection with a javascript, because M$ Explorer seems do not love this: Header("Location: http://login:[EMAIL PROTECTED]/protecteddir/"); So in with a javascript, do the following : HTML BODY script language="javascript" document.location="?echo "http://$CODE:$[EMAIL PROTECTED]/protecteddir/";?"; /script/BODY /HTML where $CODE and $PWD are the login and password of the user. jean-arthur At 09:25 08/02/01 +0100, Christian Sakshaug wrote: Hey Take a look at www.phpbuilder.com, www.devshed.com or one of they many good sites on the net. Here you will find tutorials, forums, tips etc, that you can use for increase your experiance. I also suggest books to increase your exp to... http://www.php.net/links.php for more links At 05:16 08.02.2001, you wrote: Hello Everybody, Does anybody know or have some PHP code to read the htaccess file. I have a couple of directorys protected by the htaccess htpasswd files on the Unix Apache server I use. But I want to create a webpage with input boxes to simulate the popup dialog that appears when entering the protected areas. So rather than enter the username password in the dialog I want to enter them in a webpage. Its all for looks, to give the site a user friendly asthetic look. Please help. Pretty please Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Best Regards, Christian Sakshaug -- Email: [EMAIL PROTECTED] Web: www.sakshaug.net Tel:+47 913 95 618 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] Le simple fait de passer par la fenetre ne suffit pas a la transformer en porte. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]