URL login with HTTP authentication

pabenfield

Hi,

I've taken over a site that uses HTTP Header authentication to control access; so in the security page we have:

<snip>
if ((!isset($PHP_AUTH_USER)) && (!$nologin) )
{
header('WWW-Authenticate: Basic realm="Congress User Account Editor"');
header('HTTP/1.0 401 Unauthorized');

: : :

</snip>

If the above condition is not fired then the system runs a database query on PHP_AUTH_USER and PHP_AUTH_PW to check for a valid login.

My problem is the need to be able to automate login for users, via a welcome email for instance.

If they receive an email containing the link

http://mydomain.com/home.php?PHP_AUTH_USER%3Dusername&PHP_AUTH_PW%3Dpassword

then the security system (an include file on every page) takes those values and if correct will present that users home page. HOWEVER, when that users tries to access another secured page they are then prompted by the normal HTTP Authentication pop-up asking for them to login again. :bemused:

I have searched and searched but can't find answers relating to this specific issue of have automatic login via URL when using the HTTP header login. I've tried copying the two values into $_SERVER variables of the names, in any event they are lost when you browse to another page.

I'll happily provide more info if someone can help me on this!

Cheers

Paul Benfield

johnnytli

Dear Paul,

I looked like you are stuck with someone else's code and you need to add some feature to it.

My suggestion would be to recode the security but that usually are not possible.

I think you can just write a script to login user use the user name and password by checking them against the existing database. I would also add the email for additional verification.

This would of course present you with a security problem when someone can login to your site without actually typing in a user anme and password.

Good luck with the site.