NYCPHP Meetup

[Chris Snyder]

David Yun wrote:

>Now, we want to send all
>clients to one site where they can login and be directed to a "project
>status" page that gives them all the latest info on their project and links
>to beta pages/sites. For this part, I would like to use some sort of session
>control/authentication.
>  
>

Lately I've been using an Apache SetHandler directive to run all 
requests through a PHP script that sets up the session, handles 
authentication, and wraps the requested resource in a dynamic header and 
footer before sending it to the client (with appropriate Content-type 
and other headers).

>The problem is that the "beta" sites are not necessarily written in php, and
>we don't want to have to add an authentication script to every page we
>upload for a client to view and approve. 
>

This works even if the resource is a Perl or Python or whatever script-- 
as long as the PHP handler knows (1) that it's a script and (2) how to 
execute the script, it can deliver the output back to the client. You 
can use a $_GET var to request the source instead.

>Does anyone know a solution to this problem, or know of a way to pass a
>userid and password from php to the .htaccess protection?
>
There is support in PHP for working with Basic Auth, but I find 
.htaccess/.htpasswd files tedious to maintain.