On Tue, 9 Jan 2007 09:28:03 +0200, "Octavian Rasnita" <[EMAIL PROTECTED]> wrote:
>Well in that case you can simply use a link like > >http://www.site.com/program_name/username/password > >and put the program "program_name" to parse the URL, get the username and >password, search the user in the file with users or a database and checks if >the password is correct, and if it is, let the user see the page. >The program should use cookie-based sessions, so the subsequent pages won't >need to make the authentication again. > >Of course, the user has the rights to see the page, but when that user sees >it, other users might be around and also see the username/password used. >I think a better idea would be to make a POST request somehow and not a GET >one, because in that case at least the username/password are not shown in >the address bar. > >You can create a form that uses the POST method, with the hidden username >and password fields set by default, and use a Javascript function that sends >the form for making the login... >In that case, the username and password will be sent in CGI style like >http://www.site.com/program_name?user=xxx&password=zzz. > >Octavian Thanks, I decided to go another route because I really do not want to bypass the Apache security handling I am using already by instead having logins handled by a program I have to maintain myself... I have created a new password protected folder somewhere on our website and there I will store the real user/password combinations. My program will then itself get the proper file from the website using its own secret user/password and parse out the data for the customer. Then it will display a link to the customer pages along with the login data for that customer. When he clicks the link the default browser opens up and shows the login dialogue which he now has to fill in from the display in the program page shown. This way my program acts as a reminder for the customer and shows his own login data but he has to do the login himself. Bo Berglund --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
