HTTP authentication

mattb11

I used to be able to access an authenticated page on a users behalf without showing them the username and password in the address bar by using the following in a frame...

http://username:password@domain.com

but IE6 has stopped this. Can I use PHP to acheive the same result?

I thought about using the header("Location : ") function to get the browser to redirect but can't seem to supply the authentication details (even if I base64_encode them).

Any ideas?

AstroTeg

With CURL, you could set the credentials for HTTP authentication (which is much different then just passing the name/password on the URL) and then have CURL download the page into a variable which you could toss at the user. Trick is, this doesn't authenticate the user's browser to the site so any link the user clicks on, they'll have to re-authenticate (the alternative would be to have CURL do all the dirty work).

I don't really see an easy work around. It might be possible to set some headers with the authentication info, but I think you'd have to be on the same domain as the site you're authenticating to for it to work (otherwise, the user/pass info is authenticated to your domain which isn't what you want).

olaf

Hallo,

what is the reason for using this "automatic" login?

accessing files in a folder?

mattb11

We provide services to customers for their domains on virtual servers (amongst other things). I have an administration site for all the various services we provide to our customers where they can log in once and then access other secure pages for controlling various services. We pass authorised users through to those pages already authenticated.

Most of this can be sone using forms which I have sussed but we have website stats pages that require HTTP authentication. I don't want the users to see the username and password because it would give them access to other stuff.

I will look at CURL (whatever that is) and reading the files in (using fOpen I guess) and sending them to the user but I hoped there would be a simpler way...

Cheers for the help so far.

olaf

success...

I don't think that this is the right way to do...