Michael Hübner wrote:
> Hallo,
>
> Hope somebody can help me.
>
> I'm working on Linux, Apache.
>
> On my start-site the user can log in via inserting Username
> and Password into normal formfields, which are compared with a DB.
>
> After this login, he can change to his own user-directory
> which is .htpasswd and .htaccess protected. Thats the reson
> he has to insert his Username and Password again ;(
>
> My Question:
>
> Is there a way, so the user has to insert his data only once?
>
> I've also tried it by doing a authentification like this first:
>
> <?php
> if (!isset($_SERVER['PHP_AUTH_USER'])) {
> Header("WWW-Authenticate: Basic realm=\"My Realm\"");
> Header("HTTP/1.0 401 Unauthorized");
> echo "Text to send if user hits Cancel button\n"; exit;
> } else {
> echo "Hello {$_SERVER['PHP_AUTH_USER']}";
> echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your
> password.</p>"; }
>>
>
> but it doesn't work for me, because when switching to the
> userdirs, the .htaccess authentification window pops up again
> (it is the same pwd and uid in the DB and the .htpasswd) ;(
>
> Thank you in advance,
>
> Michael
Please, please .. somebody come up with a solution to this and this kind of
problems that as been bugging (I think) every php
developer/scripter/programmer (however you call yourself) that has to deal
with security. Eventually I found myself doing the entire security procedure
in auto_prepend'ed files. But this only blocks access to php files. Isn't
there like some apache module mod_auth_php, just like there is
mod_auth_mysql and others?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
