Php and htaccess

cytchiu

I have a html page which contains the login and password textbox. When I submit the form, a login.php will be called. If the login and password are correct, it will redirect to a restricted area.

The restricted area is protected by a htaccess file which has 1 account only i.e login -- A, password -- B.

Before IE updated, my login.php will redirect to the restricted area by using the method http://A:B@myhostname.com. However, after the updating of IE, I cannot use such method anymore....

But I cannot think of any other method in order to protect the restricted files. Do anyone know how to deal with it?

AstroTeg

Put restricted files in a non-web accessible subdirectory (one directory above your web root usually works well).

Then create a PHP file to read the bits back to the browser. Make sure this part works. Once you have it feeding you files, then add to that PHP file security so it only feeds files to those you want to feed files to.

cytchiu

I think I cannot use this solution, it is becauses:

my restricted area is a course's note in html format, one page will link to another page i.e. <a href="nextPage.htm">Next Page</a>
I use the htaccess file to block the whole course directory
I cannot change the html files into php files

Therefore, if i use the suggested solution, I can only retrieve 1 html file at 1 time.

Could anyone knows how to solve it?

LordShryku

You can use [man]header[/man]...

header('WWW-Authenticate: Basic realm="yourdomain" user="A" password="B"');

cytchiu

I have tried that, however htaccess popup box appears and the Realm part display

yourdomain" user="A" password="B"

seems that it doesn't work. Could you provide me the php code?

Drakla

You can make the new version of IE use the old passwording system in the url by adding some values to the registry. If you're willing to use that as a temporary solution then download the attachment with this post.

Clearly you need a new system for the big picture, though.

cytchiu

This method works. However, i think everybody needs to update the fix if they want to access my homepage.
Seems unreasonable...

AstroTeg

I'm thinking if you don't want to try the PHP downloader approach I mentioned above, then you may be rather stuck with your current solution (although you mention you would have to change the HTML files to PHP and this wouldn't be the case with the approach I described).

cytchiu

Does every person who wants to view my restricted area need to install the registry file?

AstroTeg

How would you handle Mozilla/Firefox users? I think they will have problems just like IE now has problems...

cytchiu

In order to set the variable $_SERVER['PHP_AUTH_USER'], is it the only way by input the user name through the htacess popup box?