
htaccess password crossover


phase66


Hi guys, great site.

I'm having a strange issue with the password dialogues for Linux password-protected folders.

One folder called admin is protected with

.htaccess

 

AuthType Basic
AuthName "Admin Console"
AuthUserFile "/root/to/admin/passwd"
require valid-user

 

and .htpasswds/... as appropriate with user:cryptpass

 

A PHP function within admin creates folders in another folder called ftp, which is at the same directory level as admin (outside of the password-protected folder!)

 

if ($form_sent) {

    // remove everything but letters and numbers from folder name
    $pattern = "/[^A-Za-z0-9_]/";
    $folder_name = preg_replace($pattern, "", $folder_name);
    // create folder and put index page in it which will include one central index page
    $dir = "ftp/";
    if (is_dir($dir)) {
    
        // if folder doesn't already exist in ftp
        if (!is_dir($dir . $folder_name)) {
        
            mkdir($dir . $folder_name);
            chmod($dir . $folder_name,0777);
            // copy the relevant files into new folder
            copy($dir . "index.php", $dir . $folder_name . "/index.php");
            
            // do the passwords for ftp folders
            $passfile = "/root/to/ftp/passwd";
            if (file_exists($passfile)) {
            
                // open pw file for writing
                $fp = fopen($passfile,"w");
                // open dir to read for usernames
                $handle = opendir("ftp");
                // loop through using dir name as user for each folder in ftp
                while (false !== ($file = readdir($handle))){
                
                    if ($file != "." && $file != ".." && $file != "index.php" && $file != "ftp_console.php" && $file != ".htaccess") {
                    
                        $un = $file;
                        $pw = "password";
                        $pw2 = crypt($pw);
                        $text = "$un:$pw2";
                        // write encrypted pass to file
                        fwrite($fp, "\n$text");
                        
                    }
                    
                }
                        
                // close directory handle and password file
                closedir($handle);
                fclose($fp);
                
            } // if file exists
            
        } // if !isdir
        
    } // if isdir

} // if form sent 

 

The ftp folder has a .htaccess file, as with admin, that points to the password file generated above.

 

AuthType Basic
AuthName "FTP folder"
AuthUserFile "/root/to/ftp/passwd"
require valid-user

 

This all works well except that when a user that hasn't logged in to the admin folder in the browser session tries to go to an ftp folder, they are prompted for a password first for the ftp "FTP folder" as created above and then (and here's the hair ripper for me) they are prompted for the admin folder password (states realm as "Admin Console")!

 

I remember reading a PHP bug report on something similar but cannot find it now; however, my first port of call, rather than to suggest a PHP bug, is to realise that I'm probably doing something stupid!

 

Any help greatly appreciated

Rich
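
The password-file step in the post rewrites every entry with the same fixed password, hashed by `crypt()` without a salt. As an added example that is not part of the original post, the sketch below adds a single user with a random password and a bcrypt hash and replaces the file atomically. The function name `add_htpasswd_user` and the demo path are hypothetical, and it assumes PHP 7+ and Apache httpd 2.4, which accepts `$2y$` bcrypt entries.

```php
<?php
// Added example (not the poster's code): add ONE user to an Apache
// Basic-auth password file without rewriting the other entries.
// add_htpasswd_user() and the demo path are hypothetical names.

function add_htpasswd_user(string $passfile, string $user): ?string
{
    // Same character whitelist as the post; also reject empty names.
    if ($user === '' || preg_match('/[^A-Za-z0-9_]/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }

    // Keep existing lines so current users keep their passwords.
    $lines = is_file($passfile)
        ? file($passfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
    foreach ($lines as $line) {
        if (strpos($line, $user . ':') === 0) {
            return null; // already present, nothing to do
        }
    }

    // Random per-user password instead of a shared constant.
    $password = bin2hex(random_bytes(12));
    // bcrypt ($2y$) hash in place of crypt() without a salt.
    $lines[] = $user . ':' . password_hash($password, PASSWORD_BCRYPT);

    // Write a temp file in the same directory, then rename it over the
    // original so Apache never reads a half-written file.
    $tmp = tempnam(dirname($passfile), 'pw');
    chmod($tmp, 0640); // not world-readable, unlike the 0777 in the post
    file_put_contents($tmp, implode("\n", $lines) . "\n", LOCK_EX);
    rename($tmp, $passfile);

    return $password; // show once to the admin, do not store it
}

// Constructed demo on a throwaway file.
$demo = sys_get_temp_dir() . '/demo_passwd';
@unlink($demo);
$first  = add_htpasswd_user($demo, 'client_a'); // returns the new password
$second = add_htpasswd_user($demo, 'client_a'); // null: already listed
echo file_get_contents($demo);
```

Two simultaneous calls can still overwrite each other's addition; serialise calls with a lock file if folders can be created concurrently.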


Archived

This topic is now archived and is closed to further replies.
