Michael Hübner wrote: > Hallo, > > Hope somebody can help me. > > I'm working on Linux, Apache. > > On my start-site the user can log in via inserting Username > and Password into normal formfields, which are compared with a DB. > > After this login, he can change to his own user-directory > which is .htpasswd and .htaccess protected. Thats the reson > he has to insert his Username and Password again ;( > > My Question: > > Is there a way, so the user has to insert his data only once? > > I've also tried it by doing a authentification like this first: > > <?php > if (!isset($_SERVER['PHP_AUTH_USER'])) { > Header("WWW-Authenticate: Basic realm=\"My Realm\""); > Header("HTTP/1.0 401 Unauthorized"); > echo "Text to send if user hits Cancel button\n"; exit; > } else { > echo "Hello {$_SERVER['PHP_AUTH_USER']}"; > echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your > password.</p>"; } >> > > but it doesn't work for me, because when switching to the > userdirs, the .htaccess authentification window pops up again > (it is the same pwd and uid in the DB and the .htpasswd) ;( > > Thank you in advance, > > Michael
Please, please .. somebody come up with a solution to this and this kind of problems that as been bugging (I think) every php developer/scripter/programmer (however you call yourself) that has to deal with security. Eventually I found myself doing the entire security procedure in auto_prepend'ed files. But this only blocks access to php files. Isn't there like some apache module mod_auth_php, just like there is mod_auth_mysql and others? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php