I've setup a PHP4 user login system combined with mySQL and .htaccess. My problem is how to avoid a double log-in.

When a user registers, PHP logs the information into the database and adds them to the .htaccess and .htpasswd files.

After entering the username and password in the login form, the info is passed to a PHP script which then compares that info to what is stored in the database. If it matches, then the user is redirected to the directory on the server that holds the "members" only pages. This directory is protected by .htaccess, so a second window pops up asking the user to login again. If the person enters the same login information, then the user has access to that directory.

My question: is there a way, after verification that the username/password is valid when compared to the database, that the environment variables for .htaccess can then be set to avoid the double login?

    http://www.php.net/manual/en/features.http-auth.php

    Hope this helps. Letting PHP handle the HTTP headers, and forgoing the .htaccess and .htpasswd files altogether could be best solution. Or, setting up the 'restricted' files (assuming they are all PHP) so that the meat of the content is only seen on authentication.

    Try using cookies, and/or session IDs as well.

      Yes. Your solution worked fine. Not quite sure why I didn't think of it - but hey, I've only been using PHP for two months now.

        Write a Reply...