HELP! Php to login to HTACCESS?

godfather · #1 (**permalink**) 03-05-04, 11:41 PM

Well, I had a handy script where you could login and it passed the login to htaccess via the addressbar.

user : pass @ server.com. This was used to login.

I am REALLY looking for a script where someone could login, and based upon login sends them to their htaccess protected directoy without them having to login again.

ANYONE have a clue?

Feb 4th Microsoft patched the above method to no longer work. Thanks.

digioz · #2 (**permalink**) 03-06-04, 12:19 AM

Here is the solution that I came up with a few weeks ago. Use it at your own risk:

// File login.html ----------------------------------

Code:

<!doctype html public "-//w3c//dtd html 3.2//en">
 
 <html>
 
 <head>
 <title>Login Page</title>
 </head>
 
 <body bgcolor="#808080" text="#000000" link="#8080ff" vlink="#0000ff" alink="#ffff00">
 
 <form method="post" action="login.php">
	<b> Username </b>&nbsp;&nbsp;<input type="text" name="name"><br>
	<b> Password </b>&nbsp;&nbsp;&nbsp;<input type="password" name="password"><br>
	<br>
  <input type="submit" name="Login" value="Login">
 </form>
 </body>
 
 </html>

// File login.php ----------------------------------

PHP Code:


			
<?php
// These two values are passed from the form ---------------------------
$username = $_POST['name'];
$password = $_POST['password'];
// Change these values to fit your site --------------------------------
$domain   = "[url="http://www.yourdomain.com"]www.yourdomain.com[/url]";  // Your Domain
$restrict = "members";    // The restricted directory
$pagetitle= "Your Page Title Here;  // Title of the Page

echo "<html><head><title>$pagetitle</title><META HTTP-EQUIV=REFRESH CONTENT=\"0; 
URL=http://$username:$password@$domain/$restrict\"></head>";
echo "<body bgcolor=\"#C1C1C9\">";
echo "<center><h2> Login into the Members Area ... </h2>";
echo "</body></html>"; 
?>

godfather · #3 (**permalink**) 03-06-04, 12:54 AM

Thanks for the post, but..

URL=http://$username:$password@$domain/$restrict\"></head>";

Microsoft disabled this if you update a security update dated Feb 4 2004. THey no longer allow user / password in the url. I did find a workaround by redirecting via the htaccess file itself, but its not great.

digioz · #4 (**permalink**) 03-06-04, 01:00 AM

Leave it to Microsoft to take the fun out of everything.

Could you post your workaround here for us?

Quote:

Originally Posted by godfather

Thanks for the post, but..

URL=http://$username:$password@$domain/$restrict\"></head>";

Microsoft disabled this if you update a security update dated Feb 4 2004. THey no longer allow user / password in the url. I did find a workaround by redirecting via the htaccess file itself, but its not great.

godfather · #5 (**permalink**) 03-06-04, 01:03 AM

I take no credit here.... I am just looking for a solution like the above, NOW. That is, since M$ broke it..

Link..
http://forums.devshed.com/archive/t-12716

The last post on that page by: unclehighbrow

Says..
Well, it's been a long time, but I just came across this posting again recently, and I hadn't read freebsd's suggestion to post what I got, but here it is now:

AuthUserFile /Library/WebServer/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
RewriteEngine on
RewriteCond %{REQUEST_URI} /client/?$
RewriteRule . /client/%{REMOTE_USER} [L,R]
require valid-user

Works like a charm. Hope it's of use to someone.