[EMAIL PROTECTED] schrieb: > I don't think the process is an extra step at all. In fact, it's just a > trade off using one or the other. You can either login using php and a > database backend or just authenticate using .htaccess directives. > <snip>
> On Mon, 3 Feb 2003, Chris Shiflett wrote: > > >>>There is a way to supposedly do this by authenticating >>>a username and password through php first through such >>>methods as database lookups and then passing the >>>username and password through $PHP_AUTH_USER and >>>$PHP_AUTH_PW using the header() command to point to the >>>URL of the .htaccess protected directory but I have >>>never gotten it to work myself. >> >>The variables $PHP_AUTH_USER and $PHP_AUTH_PW are available >>to you when the user authenticates via HTTP basic >>authentication. Thus, the user has already had to type in >>the username and password into a separate window, which is >>what the original poster is trying to avoid. >> >>To then send the user to another URL and supply the >>authentication credentials in the URL itself just creates >>an unnecessary step. >> >> <snip> In fact you could combine .htaccess AND $PHP_AUTH cause its all depending on apache. Apache is looking for the variables AUTH_USER and AUTH_PW ... not PHP ... PHP just send this via header() and the Apache result is copyd to PHP_AUTH. That way you could use an PHP file to build the login page and an .htacces file to define the restrictions use something like <FilesMatch "\.(gif|jpe?g|png|htm|html)$"> require valid-user </FilesMatch> to restrict access to the specified files and note that the data of the .htpasswd must be the same as the user/password definitions of the database. Maybe you might use mod_auth_db instead of mod_auth. With <FilesMatch> instead of <Limit> you only protect files not the way/method how to get them. With the line above all .html files are protected and .php files are not. In combination with <DirectoryMatch> you could also make a special definition range ... you only have to beware of the MD5 password ... use <?php $password=crypt($PHP_AUTH_PW,substr($PHP_AUTH_PW,0,2)); ?> to generate a password valid for an .htacces file -- @ Goetz Lohmann, Germany | Web-Developer & Sys-Admin \/ ------------------------------------------------------ () He's the fellow that people wonder what he does and || why the company needs him, until he goes on vacation. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php