Hey,

i've got a website with an CMS (content managing system). For security i want some level of access control for the CMS directory. U've used an file with an 401 header to popup an login screen. The given name ans passwd are check with the name and passwd in my database. All works fine. You enter corrupt data and you won't get in.
But now it's possible to access a file directly from an url. So you bypass the 401 header. That should not be possible.
An .htaccesss would solve this problem, but i want to check the username and passwd with the data in my database and to read the username. I can read the username with $REMOTE_USER but then i have to update the htpasswd files each time someone gain's access to my CMS.

So, is it possible ( and how) to let my .htaccess file check the username and passwd in my database and to read the username ?? (i don't need the given passwd later)

    It seems that i can use some sort of htaccess file that uses MySQL(and i use this db).
    Do you have a little example of the htaccess file? from what i've read, you just have to paste some of the "Auth_MySQL_*" in you file.
    Is that correct?

      Hessian,

      i've made some changes in my .htaccess file. But i get an internal server error. Oke, i know i'm doing something wrong, but can you tell me how the .htaccess file should look like?

      here's my changes .htaccess-file:

      AuthName 'Manager'
      AuthType basic

      require valid-user

      Auth_MYSQL on
      Auth_MySQL_DB test
      Auth_MySQL_Password_Table mysql_auth
      Auth_MySQL_Username_Field username
      Auth_MySQL_Password_Field passwd

      Auth_MySQL_Empty_Passwords off

        Just create a blank default page (such as index.php) so they see this page and not your directory structure...

          It's not possible to view the directory structure on my server. Directory browsing is set Off in Apache.
          But that's not my problem.

          I can't get the .htaccess file use MySQL. I'm doing something wrong, i know but what 😕
          I use the mod_auth_mysql. I've adapted my .htaccess file (see my post above).

          Does anyone knows what i'm doeing wrong or give me a small example?

            This may be a stuppid question, but did you load mod_auth_mysql and/or compile it into apache?

              another stupid question..... Can you see any support for mod_auth_mysql in your php_info file?? I didn't compile it with Apache, so i think i need it, where can i download it?

                Okay, i've altered an htaccess file. I looks like this:

                AuthName 'Manager: Prinses Irene'
                AuthType basic

                require valid-user

                Auth_MySQL on
                Auth_MySQL_Info host user passwd
                Auth_MySQL_DB lrpc-irene_db
                Auth_MySQL_Password_Table user
                Auth_MySQL_Username_Field user_name
                Auth_MySQL_Password_Field user_pass
                Auth_MySQL_Empty_Passwords off

                Auth_MySQL_Authoritative on

                It still doesn't work. If i browse to the map, i see the index page and NOT an login screen from the htaccess.

                Does anyone has an example or knows what i'm doing wrong?

                  Write a Reply...