Auth .htaccess with PHP... HOW?

Anon

I'm wondering, is there a way to auth .htaccess using PHP? Basically, I have a username and password field on an .shtml page. This data is then sent to a .php page that checks to see if the username and password match from a mysql database. this is where i stopped.

I want the .php page to redirect the user to a "members only" dir where there will be pages and files only members are allowed to access. I'm guessing that to look this dir, I need to use .htaccess in the dir. But, if the .php page redirects the user to the dir... then won't .htaccess prompt the user for a username and password?, even after they have passed the auth in the beginning>? (shtml and php page).

I still want .htaccess to deter intruders if someone tries to access the dir by typing it into a browser, but I want to allow access to users who auth the first time, without having to auth again. is this possible??

I'm kinda a php newbie here and I'm just starting to play around with headers. Please help me. Thank you in advance.

Anon

You can pass the username and password in a URL that will work against .htaccess. There are security issues associated with this, but you can simply do something like this...

http://username:password@www.mydomain.com

If the directory/file has .htaccess on it, this will auth you and allow access to the resource.

Anon

Oh... there's no way of sending the info hidden?? or through PHP??

hmmmm... I wonder if there's a way to encrypt this data.

Thank you David R for you prompt response. I really appreciate it.

lobobr

Take a look here:

http://www.phpbuilder.com/columns/mattias20000105.php3

Best regards,

Scorpion wrote:

I'm kinda a php newbie here and I'm just starting to play around with headers. Please help m....

Anon

are you suggesting that he solve this problem with sessions instead of .htaccess or that somehow session variables can be used to input the htaccess username and password in some hidden way?

Anon

I don't use .htaccess on my site, but perhaps my approach will help you.

User tries to access a page.
PHP checks a cookie to see if $login and $password are set, if so, user is allowed access.
If $login and $password are not set, then
PHP puts the url of that page in a cookie.
User is sent to a login page with a form.
Data from form is compared to data in mysql.
If user authenticated, php puts login and password in a cookie (see step 2 above). Cookie will now be available for every other page to use.
PHP reads the cookie containing url (see step 4 above), and sends the user back to the page.

The above works well for me. All I do is INCLUDE() the authentication script at the top of every page that needs authentication.

Richie.
geocities.com/akindele/