[PHP] Using PHP and Apache's .htaccess files.

[Todd Fernandes]

Here is my question. It involves using PHP and apache's .htaccess files.

What I basically want to know is, how do I redirect a bas user after a
failed Authentication attempt.

Example:
One PHP script checks to see if $PHP_AUTH_USER is set and if not calls
header( sprintf(WWW-authenticate: basic realm=\%s\, $g_auth_realm ));
header( HTTP/1.0 401 Unauthorized );

to get them to provide a username and password. Now, how to I check that
against the .htaccess and .htpasswd files I have in a subdirectory below the
script.

The way I have it working now is that I check to see if $PHP_AUTH_USER is
set, and if it is, I send them to the page that is a directory down behind
the .htaccess file. Working that way, if they are an invalid user, they are
prompted again, if they hit cancel, they get the 401 page. I want to give
them a custom error message instead of the generic 401 page.

Any ideas on how to avoid the 401 page?

Thank you,
Todd

RE: [PHP] Using PHP and Apache's .htaccess files.

[Matt Schroebel]

 -Original Message-
 From: Todd Fernandes [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, June 20, 2002 3:07 PM

 The way I have it working now is that I check to see if 
 $PHP_AUTH_USER is
 set, and if it is, I send them to the page that is a 
 directory down behind
 the .htaccess file. Working that way, if they are an invalid 
 user, they are
 prompted again, if they hit cancel, they get the 401 page. I 
 want to give
 them a custom error message instead of the generic 401 page.

Might be easier to crypt() the password and stuff it in a mysql db.  Then check the 
crypted user input against the db value to authorize.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php