[RESOLVED] Log in to apache with php

Xager

Greetings =)

Well i've scouted the for a solution by i've come up empty.
My problem is this.
My page as alot of directories with image that are protected by a .htaccess file.
But i would like to customize my own login instead of that awful popup.
I've allready made a script which catches the password and username and checks it towards the .htpasswd file.
But ofcourse when i enter one of the .htaccess protected dirs i still get the popup.
I know you can get the apache username via a global var but can you set it?

I know you can do a redir with $username:$password@http://url/ but that is just unsecure (even more then .htaccess 😉).
Is there any other way to log onto a .htaccess protected dir via php?

Regards Xager

laserlight

Perhaps you should just ditch the .htaccess password protection and use a web based form with a database backend for login, with PHP to process the login attempts.

Xager

laserlight wrote:
Perhaps you should just ditch the .htaccess password protection and use a web based form with a database backend for login, with PHP to process the login attempts.

Yes, but the problem is that you can still type /images/image.jpg to see the image and AFAIK only .htaccess can protect a folder like that.

laserlight

Yes, but the problem is that you can still type /images/image.jpg to see the image and AFAIK only .htaccess can protect a folder like that.

That's true, but then the user has to know what is the name of the image in order to get to it.

But i would like to customize my own login instead of that awful popup.

The problem is that the login screen depends on the client. You simply have no control over it.

Of course, there are alternatives, e.g., storing the images in a database, or storing them outside of the document root and then accessing them via a PHP script.

Xager

I'm sure there are many workarounds but i would rather continue using .htaccess.
But my theory was that is you can get a variable you can probably set it but maby you can't.

Anyway, thanks for the quick replies 🙂

Xager

The main reason for wanting to keep .htaccess is that i would need to create about 5 more pages and when you're alone and not that familiar with php that's not an easy task 😉

Xager

Anyone?

halojoy

Xager wrote:
Greetings =)

Well i've scouted the for a solution by i've come up empty.
My problem is this.
My page as alot of directories with image that are protected by a .htaccess file.
But i would like to customize my own login instead of that awful popup.
I've allready made a script which catches the password and username and checks it towards the .htpasswd file.
But ofcourse when i enter one of the .htaccess protected dirs i still get the popup.
I know you can get the apache username via a global var but can you set it?

I know you can do a redir with $username:$password@http://url/ but that is just unsecure (even more then .htaccess 😉).
Is there any other way to log onto a .htaccess protected dir via php?

Regards Xager

An idea.
You know there is something called:
auto_prepend_file in php.ini

Maybe can be of some use?

Regards 🙂
halojoy

http://docs.php.net/manual/en/ini.core.php#ini.auto-prepend-file

Can be set PER directory:

auto_prepend_file  	default value=NULL  	PHP_INI_PERDIR

auto_prepend_file string

Specifies the name of a file that is automatically parsed before the main file. The file is included as if it was called with the require() function, so include_path is used.
The special value none disables auto-prepending.

auto_append_file string
Specifies the name of a file that is automatically parsed after the main file. The file is included as if it was called with the require() function, so include_path is used.[/QUOTE]

Xager

I don't quite see how that would help me to log into apaches session with php.

I think that it can only be done using sockets, atleast if there isn't any build in php function to log into apache

bradgrafelman

Why do you need to use PHP to login? If it's simply to authenticate users against a MySQL database as opposed to a .htpasswd file, then you might consider something like mod_auth_mysql instead of a PHP form.

Otherwise, I would agree with laserlight in simply writing a PHP script that handles the authentication/directory listing/file downloads.

Xager wrote:
The main reason for wanting to keep .htaccess is that i would need to create about 5 more pages and when you're alone and not that familiar with php that's not an easy task

Quite incorrect - I use the exact same method described by laserlight; a PHP page presents users with a login form, validates their credentials against a MySQL DB, lists the files available to them in a certain directory, and sends them whichever file they click on. All of this is done through one single .php file.

It's just a matter of putting together some simple topics with one or two that you might not be familiar with, such as using [man]glob/man to retrieve a list of files in a directory and then [man]readfile/man plus the appropriate [man]header/man's to send whichever file they clicked on.

Xager

bradgrafelman wrote:
Why do you need to use PHP to login? If it's simply to authenticate users against a MySQL database as opposed to a .htpasswd file, then you might consider something like mod_auth_mysql instead of a PHP form.

Otherwise, I would agree with laserlight in simply writing a PHP script that handles the authentication/directory listing/file downloads.

Quite incorrect - I use the exact same method described by laserlight; a PHP page presents users with a login form, validates their credentials against a MySQL DB, lists the files available to them in a certain directory, and sends them whichever file they click on. All of this is done through one single .php file.

It's just a matter of putting together some simple topics with one or two that you might not be familiar with, such as using [man]glob/man to retrieve a list of files in a directory and then [man]readfile/man plus the appropriate [man]header/man's to send whichever file they clicked on.

Thanks for the extensive post, the reason for wanting to keep .htaccess is that i want to have an index. One you log into, only thing is that i don't want to login via .htaccess but instead with php

bradgrafelman

AFAIK there's no way to authenticate a user with a simple PHP form against an Apache mod_auth setup. That's why I suggested using an all-PHP approach of generating a directory listing using a function such as [man]glob/man.

Xager

bradgrafelman wrote:
AFAIK there's no way to authenticate a user with a simple PHP form against an Apache mod_auth setup. That's why I suggested using an all-PHP approach of generating a directory listing using a function such as [man]glob/man.

I guess it would be the way to go, problem is the index. Well i just have to custom write an index.

Thanks for trying atleast 🙂

bradgrafelman

Xager wrote:
Well i just have to custom write an index.

You'd have to write the 2-3 lines of PHP code that would output an index of whichever directory you specify, yes.

Xager

bradgrafelman wrote:
You'd have to write the 2-3 lines of PHP code that would output an index of whichever directory you specify, yes.

Is there a build in function? 😮