Trying to setup a Session Cookie

Boat_2005

I recently bought a software package that restricts access to one or many directories on my hosted server. The server is unix based. The directory that is restricted contains an .htaccess file and I believe that it uses Apache. If I try to access a file within that directory, the browser pops up a username / password input box. When I add the correct username / password, I am granted access.

My goal is to NOT use the browser popup and login through my HTML home page. I was able to access this restricted directory with the following URL format, "username : password@www.domain.com/directory".
IE has added security to not allow this.
The work around is to use session cookies.
I’ve been Googling for examples and have been reading all that I can with no luck.

I’m not exactly sure what the steps are to access an HTML file in my restricted directory.

I’ve been trying to add the following code to my home page / login page and trying to access it with the form action = $PHP_SELF.

This is really becoming frustrating and I would really appreciate any examples and advice..
Thx…

<?php
function auth(
$username = '',
$password = '',
$pass_file = './cgi-bin/pa/d_pass.txt'
) {
session_start();
global $PHP_SELF, $authdata;
$check = ! empty( $username );

if ( is_array( $authdata ) ) {
return true;
} elseif ( $check ) {
$fp = fopen( $pass_file, 'r' );
while ( !feof( $fp ) ) {

            $line = trim( fgets( $fp, 1000 ) );
            list( $l, $p ) = explode( ',', $line );

            if ( ($l == $username) && ( $p == $password) ) {
                $authdata = array("login"=>$username);
                session_register( 'authdata' );
                fclose( $fp );
                return true;
            }
        }
        fclose( $fp );
        unset( $authdata );
        return false;
    } else {
        return false;
    }

bpat1434

If you're setting cookies to be logged in (or session variables), then set the cookie and get rid of the .htaccess file.

You can set cookies as:

setcookie('username', $username, (time()+2592000), '/', '', 0);

setcookie
(PHP 3, PHP 4 , PHP 5)
setcookie -- Send a cookie

Description
bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure]]]]] )

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace. If output exists prior to calling this function, setcookie() will fail and return FALSE. If setcookie() successfully runs, it will return TRUE. This does not indicate whether the user accepted the cookie.

All the arguments except the name argument are optional. You may also replace an argument with an empty string ("") in order to skip that argument. Because the expire argument is integer, it cannot be skipped with an empty string, use a zero (0) instead. The following table explains each parameter of the setcookie() function, be sure to read the Netscape cookie specification for specifics on how each setcookie() parameter works and RFC 2965 for additional information on how HTTP cookies work.

PHP.Net: setcookie - Manual

~Brett

dewen

You may find something in Harry Fuecks' <object orinted PHP Solutions> Vol 2 Chp 1.

As bpat1434 says, I think you should remove .htaccess file or disable the HTTP auth in it. Then follow the example on the book could save you time and build a secured login function. Function session_register is not recommended in this case since "it will not work in environments where the PHP directive register_globals is disabled"