>
> I appreciate private responses to this if deemed too
> OT for public post.
>
> i have a site controlled by php sessions that requires
> the user to login. Once logged in, certain types of
> users will find a link to another page that is
> protected by htaccess. If they click on it, apache
> will prompt them for a uname/password; apache htaccess
> authentication in this case uses a password table
> synchronized with what my php login page uses.
>
> I find logging in twice not so neat.
>
> Is there a way I can supply the username/password to
> that htaccess-protected page so that apache's box will
> not appear? Like, supplying the uname/pass pair via
> GET or POST or cookies or however? Note that the php
> login combination is same with what apache expects.
>
> I would have included that page as part of my php site
> but i just dont have control over that page.
>
<?php
function authenticate() {
Header( "WWW-authenticate: basic realm='Test Authentication System'");
Header( "HTTP/1.0 401 Unauthorized");
echo "You must enter a valid login ID and password to access this resource\n";
exit;
}
if(!isset($PHP_AUTH_USER) || ($SeenBefore == 1 && !strcmp($OldAuth,$PHP_AUTH_USER))
) {
authenticate();
}
else {
echo "Welcome: $PHP_AUTH_USER<BR>";
echo "Old: $OldAuth";
echo "<FORM ACTION=\"$PHP_SELF\" METHOD=POST>\n";
echo "<INPUT TYPE=HIDDEN NAME=\"SeenBefore\" VALUE=\"1\">\n";
echo "<INPUT TYPE=HIDDEN NAME=\"OldAuth\" VALUE=\"$PHP_AUTH_USER\">\n";
echo "<INPUT TYPE=Submit VALUE=\"Re Authenticate\">\n";
echo "</FORM>\n"; }
?>
this will simply check if the user is already authenticated. if not it
will force the user to authenticate.
i hope this is what you need.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
