Manual Authentication with header()?

Anon

I'm trying to generate an authenticated HTTP header such that the standard htaccess authentication dialog doesn't pop up. On one page I take and validate their user pass. I then tried to send the username and password in the header along with the location of the htaccess protected page.

$user_pass = base64_encode("name:password");
header('Authorization: Basic $user_pass');
header('Location: admin/test.php');

Unfortunatly the dialog still pops up. Any way around this? Thanks -Sam

daarius

if (!isset($PHP_AUTH_USER)) {
// dialogue popup
}
else {
// authentication is already done
}

this way dialogue will only popup if the browser doesnt have the username in the header.

Anon

I hope I'm not being completely ignorant, but I think that that won't work because the dialog is caused by the .htaccess file in that directory, not by a header('WWW-Authenticate') request from a php page... I want the directory to be protected by the .htaccess file by default so that no one can go directly to a page within by typing in the URL. And some of the pages in that directory are not .php pages so I can't put script on all of them. I want to send a header that so that the server thinks that the user has been validated exactly as if they had entered in a username and password in the popup. I hope that's more clear...

Anon

I am having a VERY similat problem in that I want to manipulate the header in regards to the Authenticate header variable. You are correct in that the suggestion above will not work for you.

My problem is I am trying to force the killing of an already authenticated session, so I can re-authenticate after time. The problem, is that the server caches the Authentication header and my page simply logs the bugger right in. I am using an external LDAP for auth not .htaccess though.
Same diff.

Anon

Did U find a solution with header('Authorization: Basic $user_pass'); ?