PHP HTTP Challenge, logon forms.

PyroX

Alrighty, many of us/you may know that you can popup an http challenge logon box to authenticate your users similer to the way you would with .htaccess

		header('WWW-Authenticate: Basic realm="My Private Stuff"');
		header('HTTP/1.0 401 Unauthorized');
		echo 'Authorization Required.';
		exit;

Thats all fine and dandy.

My question is, can something almost in reverse be achived? Can I use an html form to pass username and password to some php code and have it give the client some headers for it to store the user/pass and use it when entering an .htaccess protected area on the same site? I don't like the popup, but want the security of .htaccess .

I know I could redirect to http://username:password@host.com , but do not want to do that. There has to be a way to format the headers, thats how the server / browser does it anyway. Does anyone know?

Thanks!

shareaweb

Um, why not just pass it as Post form data (under SSL would be better), save it in the user session (under SSL would be better) and then pass it on for access ..

You are not really wise to give away the type of server your using by calling an authent box if you really want to be secure, you're just telling the hackers your on apache and using .htaccess then anyway.. and they will try to raw html your posts... hence SSL would be an advantage..