[RESOLVED] PHP .htaccess login

cyberlew15

heya i have been using .htaccess logins for a short while now for my client area
basically i want to have a php based login script so that the user can go to http://clients.mysite.com fill in the .htaccess's username and password so that they can get into their client area located at http://clients.mysite.com/username

i know it sounds weird and i have already tried url inputting the username and password(as works with ftp) , and posting it to the site with the form feild names user and pass which works for https logins

does anybody have experience with what im talking about?😕

etully

http://username:password@clients.mysite.com/username

cyberlew15

h sorry to be a pain but that doesnt work, this an apache 2.0 install but this still doesnt work, the previous post is a url login which does not work currently, how would i set this up to perform this login it comes up with an error stating the page cannot be displayed ???

etully

I guess I'm not understanding what problem you're having. As best I can tell, it's one of these?

You want people who arrive at your root directory with a login to see a subdirectory?
You are trying to convert a plaintext password to the encrypted version in the .htpasswd file from PHP
You are trying to figure out how to pass a u/p known by PHP to the browser to login to a web site?

cyberlew15

Number 3 is what im hoping to do 🙂
The method mentioned before did not work

etully wrote:
http://username:password@clients.mysite.com/username

Maybe this is because i am using a .htaccess file but im sure php is able to relay login data to apache

etully

I just tested it, and it works fine. What problem or error message are you getting?

cyberlew15

it says the url syntax is wrong

madwormer2

etully wrote:
I just tested it, and it works fine.

In Firefox, Opera, yes.

In Internet Explorer, no.

cyberlew15

oh is this an ie bug, im using 6 sp2 so that i dont loose ftp through browser
i hate ie7 but i also hate firefox(they are both pathetic) so is there a way to get this to work in IE6 SP2

madwormer2

I don't think it's a bug, just a feature that's not included.

It just doesn't accept URLs in that format.

There may be a fix, but it's a client thing. There's just no way to get it to accept or automatically login to a URL. You just have to tell the user the username and password, and get them to do it manually.

And pathetic is a bit harsh, don't you think.

Kudose

madwormer2 wrote:
And pathetic is a bit harsh, don't you think.

Yeah, no kidding.

My Firefox installation with FoxyTunes, Web Developer, JS Debugger, IE Simulator and FireFTP extensions save my life everyday.

Maybe you just haven't spent the time necessary looking to increase your web browsing experience.

That's kinda the whole point behind Firefox and the Mozilla project.

Since we are on the topic of harsh things ... don't you think having a big signature is a pain for us? We have to scroll a lot for just a few posts...

bradgrafelman

madwormer2 wrote:
And pathetic is a bit harsh, don't you think.

Only in reference to FireFox! :p

Anyway... I really don't know that you're going to find a workaround for this. I mean, you could in effect create your own PHP browser that automatically sends the authentication header, retrieves the remote data, rewerites URLs/IMGs/etc. to go through the script, and then displays this to the user. Basically, you're making your own PHProxy lookalike that sends authentication headers in addition to all of the proxy behavior.

Sound like a lot of work for something so simple as a nice HTML login page? It is. At this point, I personally would give up and simply use a nice HTML splash page that explains what is going to happen when the users click continue. A quick example would be what I did for my school's webmail interface - http://mail.illinibluffs.com .

cyberlew15

okay, IE7 is really not kool and you will never convince me that it is!!!

Firefox however could quite easily be saved by a few additions to the source of the app.
However it is destined to fail just as netscape did to stop microsofts complete hold on the market therefore it will always be away from the mainstream and will never have the technical support that a conglomerate can offer.

did you know that IE6 SP2 supports the w3c standard more closely than firefox and even has extended functionality such as real zooming of text, pictures and activex built into the core.

oh and as for the signature, i like it and if it really needs to be changed im sure the admins will remove it ;p

bradgrafelman

Before we get too far off topic on an IE vs. FF vs. ?? battle, or even start a flame war, perhaps we should focus on the issue at hand.

What have you decided, cyberlew15? Have you dropped the idea for a login page? Still trying to find a workaround?

etully

There's a reason that the URL is causing problems. It used to work in all browsers, all the time. Then phishing scammers realized that they could build a page protected by a username and password like this:

user: www.citibank.com
pass: secure

So then the quick way to log into the page looked like this:

http://www.citibank.com:secure@a7d94mf.com/login.php

See, if you look at that URL quickly (or you're a newbie), you will think that you're at the real live citibank page.

So to protect people against that, the helpful people at Firefox put in a confirmation box that says, "You are about to log into a7d94mf.com. Are you sure you want to do that?" I assumed that IE did that too... but instead, from what I gather from your post, it sounds like they just made the URL invalid... which breaks lots of web pages out there that already exist and use that type of URL. Therefore, Microsoft=dorks, Firefox=smart

As for your best solution, I'd drop the .htaccess protection and build a simple PHP based login instead. HTACCESS is extremely secure and a PHP based solution is as secure as you can make it. Take your pick.

cyberlew15

cheers guys, you certainly have provided alot of food for thought this thread is now resolved (i'll let clients login manually)