RE: [PHP] Apache authentication and adding a user.

2002-10-28 Thread Daniel Kushner
Try this:
http://phpclasses.websapp.com/browse.html/package/387.html



Regards,
Daniel Kushner
_
Need hosting? http://thehostingcompany.us


> -Original Message-
> From: John Meyer [mailto:johnmeyer_1978@;yahoo.com]
> Sent: Monday, October 28, 2002 3:29 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Apache authentication and adding a user.
> 
> 
> Hi, is there any way to use PHP to programmatically add a user in terms
> of Apache user authentication?
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
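
One way to do what the original question asks, as an added example that is not part of either post: write the entry straight into the file named by AuthUserFile. The function name htpasswd_set_user and the temporary file are assumptions made for the demo; the bcrypt ($2y$) entries it writes are accepted by Apache httpd 2.4.

```php
<?php
// Added example: add or replace one user in an Apache AuthUserFile.
// Function name and demo file are hypothetical, not from the thread.

function htpasswd_set_user(string $file, string $user, string $password): void
{
    // A colon or line break in the name would corrupt the file or inject an entry.
    if ($user === '' || strlen($user) > 255 || preg_match('/[:\r\n]/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    // Note: bcrypt only uses the first 72 bytes of the password.
    $line = $user . ':' . password_hash($password, PASSWORD_BCRYPT) . "\n";

    $fh = fopen($file, 'c+');           // create if missing, do not truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        if (!flock($fh, LOCK_EX)) {     // serialise concurrent writers
            throw new RuntimeException('cannot lock file');
        }
        $kept = [];
        while (($row = fgets($fh)) !== false) {
            // Drop any existing entry for this user; keep everything else.
            if (strncmp($row, $user . ':', strlen($user) + 1) !== 0) {
                $kept[] = rtrim($row, "\r\n") . "\n";
            }
        }
        $kept[] = $line;
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, implode('', $kept));
        fflush($fh);
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo against a temporary file.
$file = tempnam(sys_get_temp_dir(), 'htpw');
htpasswd_set_user($file, 'alice', 'first-password');
htpasswd_set_user($file, 'alice', 'second-password');  // replaces the first entry
htpasswd_set_user($file, 'bob', 'another-password');
echo file_get_contents($file);
unlink($file);
```

Keep the password file outside the document root and writable only by the account that runs this script.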




[PHP] Apache authentication and adding a user.

2002-10-28 Thread John Meyer
Hi,  is there any way to use PHP to programmatically add a user in terms of
Apache user authentication?






RE: [PHP] apache authentication

2002-01-17 Thread Jon Haworth

> SECURITY WARNING:  This code uses a hard-coded user-name and
> password, which begs the question of where they would come from
> in the real world.  You could collect them via a form, but then 
> they will be sent to the PHP script as arguments and so the 
> password will be visible in the URL box of the browser window.
> (Any better suggestions?)

MD5 the password with javascript before submitting the form? 

Works for me :-)

Cheers
Jon


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] apache authentication

2002-01-16 Thread Simon Ritchie

Aaron and I have discussed this offline.  He has a PHP front-end running on
one server which he is using to control access to pages on another server
(the target).  He wants the front-end code to collect and check the user's
credentials, then request an appropriate URL from the target and relay the
result back to the client.  This is a reverse proxy arrangement.

However, the pages on his target are password-protected, so he has to send
the credentials in the URL.  I recently looked at the same problem.  I
couldn't see how to get the standard apache proxy to send the credentials
across, so I wrote my own proxy in PHP.  It's not very pretty and it's slow,
but it does the trick.  The only difficult bit is sending the credentials.
HTTP expects the password in base64 encoding.

SECURITY WARNING:  This code uses a hard-coded user-name and password, which
begs the question of where they would come from in the real world.  You
could collect them via a form, but then they will be sent to the PHP script
as arguments and so the password will be visible in the URL box of the
browser window.  (Any better suggestions?)

This is part of a bigger project, so I have to edit the code for
publication, and I haven't checked it.  Let's hope my fingers are working
properly tonight.

I have put the code onto the end of this note.  I would welcome any
feedback.

Simon

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 14 January 2002 17:41
> To: [EMAIL PROTECTED]
> Subject: [PHP] apache authentication
>
>
> Hi,
>
> I am using the Nusphere application server with apache user directories.
> I have several protected user directories that are of different realms.
> When a user logs into the 'secure area' I would like to send them to
> pages contained in a secure directory but pass the encoded user:pass in
> the URL so as to avoid the pop-up apache authentication dialogue. Is
> this possible and how do I achieve this?
>
> TIA,
>
> Aaron Lake
> Programmer/Analyst
> Kvaerner Chemetics
> A Division of Kvaerner Canada Inc
> (604) 730 4206


- proxy.php---


Login



<?php
//  Host:intra.local.sys
//  Authorization: Basic $b64cred
//
// where $b64cred is authName:authPassword in base 64 form.  The PHP
// manual entry for fsockopen() advises you to put CR chars at the
// end of each line as well as LFs.
//
// Copyright 2002 Simon Ritchie, Merrow Internet Services
// (www.merrowinternet.com)


$server = "intra.local.sys";

$authName = "foo";      // In a real application, you would
$authPassword = "bar";  // get these from somewhere.

// $URL is the page to fetch from the target; it is not set in this
// excerpt.  Strip CR and LF so it cannot add lines to the request.
$URL = isset($URL) ? str_replace(array("\r", "\n"), "", $URL) : "";

$cred = $authName . ":" . $authPassword;

$b64cred = base64_encode($cred);

$req1 = "GET /" . $URL . " HTTP/1.1\r\n";
$req2 = "Authorization: Basic " . $b64cred . "\r\n";
// Connection: close makes the server end the response by closing the
// socket, which is what the feof() loops below wait for.
$req3 = "Host:" . $server . "\r\nConnection: close\r\n";

$intra = fsockopen($server, 80) or
    die("cannot access " . $server);

if (strlen($cred) > 0) {

    // send authenticated request

    fputs($intra, $req1);
    fputs($intra, $req2);
    fputs($intra, $req3);
    fputs($intra, "\r\n");

} else {

    // send anonymous request

    fputs($intra, $req1);
    fputs($intra, $req3);
    fputs($intra, "\r\n");
}

// the server returns a set of headers, a blank line separator
// and the HTML page.  This PHP code will send appropriate
// headers back to the client, so here we just want to print
// the HTML page.

$text = fgets($intra, 4096);    // status line

while (!feof($intra)) {         // eat headers until ...

    $text = fgets($intra, 4096);

    if (strcmp($text, "\n") == 0 ||
        strcmp($text, "\r\n") == 0) {   // ... blank line

        break;
    }
}

while (!feof($intra)) {         // present the rest

    $text = fgets($intra, 4096);

    echo($text);
}

fclose($intra);

exit;
?>








Re: [PHP] apache authentication

2002-01-14 Thread Miles Thompson

I'm trying to do a similar thing, although I'm running PHP as an Apache 
module. There's a directory I want to protect, containing PDF files, access 
to which will be constrained by .htaccess.

Our users have already logged in through a custom login script. I could 
modify this script so that when the users are authenticated, I can assign a 
username/password combination which would be acceptable to .htpasswd.

Alternately I could add mod_auth_mysql and use it to authenticate.

In either case, a user name and password have to be passed to Apache. Is 
this done by assignment to $PHP_AUTH_USER  and $PHP_AUTH_PW?

If so would mod_auth_mysql pick those up automatically, thus the popup 
wouldn't appear?

My other alternative is to move the PDFs outside the web tree and deliver 
them using the header() function. Although it's been tested and works, many 
subscribers have IE 5.5 and work in an environment where the company 
directs what browser will be used.

This has become a sticky issue, and all suggestions will be welcome. 
(Including that I RTFM, if I've missed a particular section.)

Regards - Miles Thompson

At 11:35 AM 1/14/2002 -0800, [EMAIL PROTECTED] wrote:
>Apparently I have been unclear, allow me to rephrase:
>
>I want to send user:pass to an apache authentication header for an apache
>protected user directory.  Unfortunately, I have php installed as CGI so
>native php authentication will not function.  I would like to either send
>the user:pass via GET in a url encoded string (if possible as CGI) OR send
>user:pass directly to the header using a different method. Due to
>restrictions imposed on me, I am not able to make use of a single unified
>logon using LDAP or NTLM. In my case, since there are several user
>directories spanning several realms, I must first authenticate users
>against a mysql auth db and fetch the realm user:pass based on that
>user's permissions.
>
>Is it possible to send the user:pass in any of the methods described
>above? If so, how can I implement this?
>
>Aaron Lake
>Programmer/Analyst
>Kvaerner Chemetics
>A Division of Kvaerner Canada Inc
>(604) 730 4206


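
The alternative mentioned in the message above (keeping the PDFs outside the web tree and delivering them with header()), as an added example that is not part of the original post. PDF_DIR, the 'user' session key set by the site's own login script, and the 'file' query parameter are assumptions.

```php
<?php
// Added example: deliver a PDF stored outside the web tree to a logged-in user.
// PDF_DIR, the 'user' session key and the 'file' parameter are hypothetical.

const PDF_DIR = '/var/private/pdfs';    // directory outside DocumentRoot

// Map a requested name to a real file inside $baseDir, or return null.
function resolve_pdf(string $baseDir, string $requested): ?string
{
    // Accept a bare file name only: no directories, no leading dot.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*\.pdf$/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    // realpath() follows symlinks, so re-check that the target is inside $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['user'])) {         // set by the existing login script
    http_response_code(403);
    exit('Not logged in');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_pdf(PDF_DIR, $requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('No such document');
}

// The name passed the pattern above, so it is safe to place in a header.
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```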




[PHP] apache authentication

2002-01-14 Thread aaron . lake

Apparently I have been unclear, allow me to rephrase:

I want to send user:pass to an apache authentication header for an apache
protected user directory.  Unfortunately, I have php installed as CGI so
native php authentication will not function.  I would like to either send
the user:pass via GET in a url encoded string (if possible as CGI) OR send
user:pass directly to the header using a different method. Due to
restrictions imposed on me, I am not able to make use of a single unified
logon using LDAP or NTLM. In my case, since there are several user
directories spanning several realms, I must first authenticate users
against a mysql auth db and fetch the realm user:pass based on that
user's permissions.

Is it possible to send the user:pass in any of the methods described
above? If so, how can I implement this?

Aaron Lake
Programmer/Analyst
Kvaerner Chemetics
A Division of Kvaerner Canada Inc
(604) 730 4206






RE: [PHP] apache authentication

2002-01-14 Thread Simon Ritchie

Your question is not very clear, not to me anyway.

Are you trying to write some PHP code that remembers a user name and
password over several requests?  If so, I can answer that.

According to me, it's hard.  The problem is that PHP (in fact Apache itself)
doesn't remember any information between requests - there is (almost) no
persistent storage.  In any case, an apache web server machine runs several
copies of Apache, and you would have to share the data between all the
copies.  Furthermore, there can be more than one physical server.

Your PHP could remember the credentials in a shared database, but that would
be slow.

Once you have some persistent storage, you need to be sure that the incoming
requests are really coming from where you think they are - some sort of
secure session management.  Without that, a hacker can break into somebody
else's logged-in session by sending suitable fake requests.

All this is easier in HTTPS.  I am working on some code that implements
persistent storage with HTTPS, but I haven't got the shared memory part
working yet.

Simon



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 14 January 2002 17:41
> To: [EMAIL PROTECTED]
> Subject: [PHP] apache authentication
>
>
> Hi,
>
> I am using the Nusphere application server with apache user directories.
> I have several protected user directories that are of different realms.
> When a user logs into the 'secure area' I would like to send them to
> pages contained in a secure directory but pass the encoded user:pass in
> the URL so as to avoid the pop-up apache authentication dialogue. Is
> this possible and how do I achieve this?
>
> TIA,
>
> Aaron Lake
> Programmer/Analyst
> Kvaerner Chemetics
> A Division of Kvaerner Canada Inc
> (604) 730 4206
>
>
>
>


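
The session-management point in the message above, as an added example that is not part of the original post: a signed, expiring token lets every Apache process, on any server that holds the same key, check who a request belongs to without shared storage, and a request carrying a made-up token is rejected. The function names and token layout are assumptions.

```php
<?php
// Added example: a signed, expiring session token verified without shared
// storage. issue_token/verify_token and the layout are hypothetical.

// In production, load the key from configuration shared by all servers;
// it is generated here only so the demo runs on its own.
$sessionKey = random_bytes(32);

function issue_token(string $key, string $user, int $ttl, int $now): string
{
    $payload = base64_encode(json_encode(['u' => $user, 'exp' => $now + $ttl]));
    $mac = hash_hmac('sha256', $payload, $key);
    return $payload . '.' . $mac;
}

// Returns the user name, or null if the token is forged, altered or expired.
function verify_token(string $key, string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; check the MAC before trusting the payload.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['u'], $data['exp'])
        || !is_int($data['exp']) || $data['exp'] < $now) {
        return null;
    }
    return (string) $data['u'];
}

// Constructed demo.
$now = time();
$token = issue_token($sessionKey, 'alice', 900, $now);
var_dump(verify_token($sessionKey, $token, $now));          // token as issued
$forged = issue_token(random_bytes(32), 'alice', 900, $now);
var_dump(verify_token($sessionKey, $forged, $now));         // signed with another key
var_dump(verify_token($sessionKey, $token, $now + 901));    // checked after expiry
```

Send the token in a cookie marked Secure and HttpOnly over HTTPS, since anyone who can read it on the wire can replay it until it expires.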




[PHP] apache authentication

2002-01-14 Thread aaron . lake

Hi,

I am using the Nusphere application server with apache user directories.
I have several protected user directories that are of different realms.
When a user logs into the 'secure area' I would like to send them to
pages contained in a secure directory but pass the encoded user:pass in
the URL so as to avoid the pop-up apache authentication dialogue. Is
this possible and how do I achieve this?

TIA,

Aaron Lake
Programmer/Analyst
Kvaerner Chemetics
A Division of Kvaerner Canada Inc
(604) 730 4206







[PHP] apache authentication

2001-03-14 Thread Michael A. Peters

This isn't a php problem as much as an apache problem, however, it is
webmasters of php sites that would have dealt with this.

Here's the dilemma-

If you use mod_dav to maintain a php application that uses
username/password authentication for the web app, it doesn't play very
nice.
At least not how I have it set up- which is why I need help ;)

here's how the web application is set up in my httpd.conf:

Alias /obm/ /opt/php/obm/
Alias /obm-src/ /opt/php/obm/


Options Indexes MultiViews
AllowOverride None
Order allow, deny
Allow from all
AuthType Basic
AuthName webDAV
AuthUserFile /etc/httpd/conf/dav.user


(further down)


DAVLockDB /var/apache/dav/moddav
DAVMinTimeout 600

DAV On
ForceType text/plain

Require user webmaster




-=-
Works beautifully for webDAV updating of the web application.
However, when a user logs in to the web application, after they enter
the username and password, they are prompted for a login for the webDAV
realm, which is not what I want.

If I add the satisfy any directive to the directory authentication-
i.e.-


Options Indexes MultiViews
AllowOverride None
Order allow, deny
Allow from all
AuthType Basic
AuthName webDAV
AuthUserFile /etc/httpd/conf/dav.user
satisfy any


Then the web application's authentication works perfectly (user not
prompted for a webDAV realm login after their username/password are
verified by the php) but this kills security for webDAV file uploading,
and a webDAV client can connect without username/password.

What I need to do, is only require authentication in the webDAV realm if
the user is accessing the client through webDAV (i.e. through the
/obm-src/ alias) but not require webDAV realm authentication if the user
is accessing through the /obm/ alias

As far as I can tell, apache authentication directives are directory
based, not url based, which is where my problem is :(
I must define the webDAV authentication method in the directive, but I
only want it to take effect if being accessed through /obm-src/ and NOT
take effect if being accessed through /obm/

Interestingly enough, this is NOT a problem if the web application uses
Advanced Authentication to authenticate the users (such as phpMyAdmin)
but it is a problem if the web application uses typical php
authentication to authenticate the users. That triggers apache to want
the realm authentication as well.

Any suggestions or ideas on how to resolve this issue?

I'm sorry for the length of the post...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michael A. Peters
Abriasoft Senior Developer

http://www.abriasoft.com/

(510)  623-9726x357
Fax: (510) 249-9125
