retrieving a password protected page?

Joe826

Hi,

I'm trying to get a script to grab a file that's in a password protected folder. Is there anyway in php to do this? I've tried using the https://user:pass@domain.com but it doesn't seem to work. It's a 401 Authentication Error If I don't enter a password at all. Thanks in advance!

Joe

findapollo

i've tried something similar. there is no direct way to do it with PHP because you would have to set the proper request headers to access the directory. PHP can only create response headers. it might be possible with perl or something else, but i don't know.

this is the indirect way about it though:
http://www.zend.com/zend/trick/tricks-august-2001.php

-findapollo

Joe826

thanks for the link!

AstroTeg

Curl can do this. I've done it with HTML based authentication (typical user/pass login box) and I've done it with server side authentication. You'll need curl to be installed/enabled with PHP to do this though...

findapollo

Curl can retrieve the file, but it can't drop you into that directory can it?
(without having to log in)

AstroTeg

Whatever you can do in a browser, you can do in curl.

If you have to log in to get to the directory, then you'll have to tell curl to log in as well...

findapollo

Right, but i was once trying to figure out a way to have a single log-in form that redirects different users to different directories that each have their own protection (.htaccess) on them.
I know you can fetch a file from that directory, but can you drop them in (send them there) and not have them have to log in again via a pop-up window?

Just curious, I pretty much gave up on the hopes of doing that, but if you think it's possible, I'd look into it.

Also, do many web hosts install Curl by default?

AstroTeg

For .htaccess protected directories, there's an authentication header the browser can send that will automatically authenticate it to that directory. Curl can do this too (I've done it), but making it work so users can retrieve stuff from there automatically would mean you would need to create a PHP script that works as a go between. Meaning the user's couldn't go to that directory directly - they'd have to go through your curl app (since its acting as the go between).

I believe there may be a way to set the authentication header before sending the user to the directory. By doing so, they wouldn't have a server prompted login screen. Which I think is what you're looking to do. But I haven't tried this so I'm not sure where to begin looking...

findapollo

I believe there may be a way to set the authentication header before sending the user to the directory. By doing so, they wouldn't have a server prompted login screen. Which I think is what you're looking to do. But I haven't tried this so I'm not sure where to begin looking...

If there is, I don't think it's with PHP (which has header(), but that can only set response headers from the server)

Weedpacket

Originally posted by findapollo
If there is, I don't think it's with PHP (which has header(), but that can only set response headers from the server)

So why not have PHP make a new request of the server, with all the appropriate headers, and then relay what comes back to the user?

Oh, I see Astroteg has already suggested this.

findapollo

Yes, what i was trying to convey is there is no way that I've figured out to just design you're own log in form and then communicate that information to get a directory listing (or put them) in a password protected directory. They will always get the pop-up. This is sent from client-side and you would have to code an ActiveX, Java, or maybe even Flash.