Apache/PHP Authentication - Again
Griffith Feeney
feeney at un.org
Fri Jan 31 08:47:44 EST 2003
Thanks to those who replied to my earlier post (below). It's taken me a
while to get on with this.
The files I need to protect are mostly binary, so I can't use a solution
that involves inserting authentication code at the top of PHP pages.
The approach suggested in
http://www.zend.com/zend/trick/tricks-august-2001.php (put the files
outside the document root and use PHP to read them, supply headers, and
forward) will work, but it would be much simpler to be able to password
protect all files in any specified set of directories using Apache
.htaccess. The problem with this is updating the user list, which is large
and in MySQL. The web hosting service doesn't support mod_auth_mysql.
What I would like to do is
1 set up .htaccess protected directories with a single user name and
password,
2 use a PHP page to authenticate users (user by user) against a MySQL
database, and
3 have the PHP page send requests from authenticated users to the server
with the basic authentication header, so that the Apache authentication
window does *not* pop-up, the server having already received basic
authentication credentials.
This last step is not possible directly, but I thought that it might be
accomplished indirectly using a redirect header, like this.
<?php header('Location:
http://www.domainname.com/members/membershome.php');
header('Authorization: base64_encode("abc:123")');
?>
This doesn't work. Is there any way to make this idea work?
More information about the talk
mailing list