Passing Username and Password to a Php authentication Script

autonomous

I have just completed the tutorial on user authentication By Julie Meloni and the script is working fine but I am now trying to pass username and password to the authentication script using an html form ie:
<form action="http://www.mydomain.com/login.php" method="POST"
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Submit">
</form>

In my authentication script I think I have to set the global variables...
$PHP_AUTH_USER
$PHP_AUTH_PW
to equal the username and password I'm sending from the html form but I'm not sure how to do this...?

The authentication script is:

<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

// Read the entire file into the variable $file_contents

$filename = '/path/to/.htpasswd';
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );

// Place the individual lines from the file contents into an array.

$lines = explode ( "\n", $file_contents );

// Split each of the lines into a username and a password pair
// and attempt to match them to $PHP_AUTH_USER and $PHP_AUTH_PW.

foreach ( $lines as $line ) {

list( $username, $password ) = explode( ':', $line );

if ( $username == "$PHP_AUTH_USER" ) {

// Get the salt from $password. It is always the first
// two characters of a DES-encrypted string.

$salt = substr( $password , 0 , 2 );

// Encrypt $PHP_AUTH_PW based on $salt

$enc_pw = crypt( $PHP_AUTH_PW, $salt );

if ( $password == "$enc_pw" ) {

// A match is found, meaning the user is authenticated.
// Stop the search.

$auth = true;
break;

}

}
}

}

if ( ! $auth ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

header( 'Location: [url]http://www.mydomain.com/dealers/member/index.html[/url]' );

}

I'd like to have the user type in username and password and then have it post to this form so that they are set and the pop up box doesn't come up asking for username and password when it directs them to the member page...?

Any suggestions?

thanks,
sb

autonomous

Apparently there is no way around loging in to a htaccess protected area without the browser pop-up and it seems to be better to use php file authentication and store other files like pdf's and excel and media files outside the web root and then call / read them with the php authenticated file ... here's a link to a thread about the auth issues:

http://www.flash-db.com/Board/index...g46003#msg46003

Thanks for the replies,
sb.