Ideally I could just have php do the info gathering and send the input,
user and pass, to apache for authenticating them. But I really don't
know what is best. If I set up an index file to ask for a password that
still does not secure (or at least ask for a password) anything else in
the directory. But it looks like mod_auth does do that, if only I could
use php as a gatherer for mod_auth. Can anyone suggest how to do this
or maybe a better way. Do I need php authentication in every file on
the site?
Please help.
-Dave Baldwin
-----Original Message-----
From: David Baldwin
Sent: Tuesday, July 10, 2001 2:36 PM
To: Jack Dempsey; [EMAIL PROTECTED]
Subject: RE: [PHP] Authentication
I am using htpasswd files for the passwords but I took all the
htaccess or mod_auth directives out of httpsd.conf. I guess I could
learn mysql (yeay, maybe later), and infact, that looks like a real good
idea, but I think the double prompting is due to the fact that I have
the following in the beginning of the index.php file that the login.php
script redirects to:
<?php
session_start();
if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER != 'user' ) || ( $PHP_AUTH_PW != 'pass' ) ) {
Header( 'HTTP/1.0 401 Unauthorized' );
Header( 'WWW-Authenticate: Basic Realm="Users info"' );
echo 'Authorization Required.';
exit;
} else {
echo 'You are in users page.';
phpinfo();
}
?>
This works with a windows browser but not with UNIX/Netscape. It seems
that for some reason the session is not carrying over with
session_register and session_start from the login.php script, but only
with the UNIX/Netscape browser. The login.php script looks like this;
<?php
session_register("PHP_AUTH_USER");
session_register("PHP_AUTH_PW");
$auth = false;
if (isset ( $PHP_AUTH_USER ) && isset ($PHP_AUTH_PW)) {
$filename = '/usr/local/apache/conf/htpasswd';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );
$lines = explode ( "\n", $file_contents );
foreach ( $lines as $line ) {
list ( $username, $password ) = explode( ':', $line );
if ( $username == "$PHP_AUTH_USER" ) {
$salt = substr( $password , 0 , 2 );
$enc_pw = crypt( $PHP_AUTH_PW, $salt );
if ( $password == "$enc_pw" ) {
$auth = true;
break;
}
}
}
}
if ( ! $auth ) {
header( 'WWW-Authenticate: Basic realm="User Area"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
header( "Location: https://192.168.124.219/users/$user/"; );
}
?>
I just want the login.php to setup the PHP_AUTH_USER and PHP_AUTH_PW and
then the index.php to read those values, compare them to static
requirements and depending on the values set up in login.php to either
allow or deny.
Any suggestions are appreciated.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
