Jump to content


This topic is now archived and is closed to further replies.


login with PHP - folder protected with .htaccess

Recommended Posts


I am trying to find a solution for simple logon script in PHP (but not copy existing one, but try to write and understand it by myself, anyway: free scripts I have found do not solve my problem).

I am using PHP 5.0.4 installed on Fedora 4.
I want to use .htaccess file in order to protect the folder.

Let me explain my problem in details:

1) I have created folder ABC where I put .htaccess file like this:

AuthType Basic
AuthName "test for authorization"
AuthUserFile /var/www/html/passwd/password
Require user raf

2) I have added user “ raf “to the file password stored in /var/www/html/passwd/

3) I have created file test.html in protected folder

4) When I tried to open a file in Browser I was asked for user and password, which works fine.

...and here begins my problem.
I don't like window generated by Apache. I want that users will see nice page with logon form, on which user name and password can be entered.

In order to do this I have created file welcome.html with form like this:

<form method="POST" action="login.php">
<input type="text" size=10 maxlength=10 name="formUser">
<input type="password" size=10 maxlength=10 name="formPassword">
<input type="submit" value="Log in">

My login.php file looks like this:

$user = $_POST['formUser'];
$pass = $_POST['formPassword'];

if (!isset($user) || !isset($pass))
return false;

$_SERVER['PHP_AUTH_USER'] = $user;
$_SERVER['PHP_AUTH_PW']= $pass;
$test1 = $_SERVER['PHP_AUTH_USER'];
$test2 = $_SERVER['PHP_AUTH_PW'];

print ("Your user: $test1 <br> Your Password : $test2");


Files welcome.html and login.php are one level higher than folder ABC.
After I have opened welcome.html I have entered valid user name (raf) and password as defined in .htaccess and password file. As result I saw the message:
Your user: raf
Your Password : raf

Which means login.php works fine.
If I try to open test.html stored in the folder ABC I am asked for user and password. Why? I though Apache has registered this after login.php was executed (with $_SERVER['PHP_AUTH_USER']).
What I am doing wrong? How should I do it correctly?
How can I avoid standard prompt window and pass user and password to Apache in that way (via login.php), that I will be not asked again to enter this and display standard logon window?

Next question: how can I log off and enter folder with different user.


Share this post

Link to post
Share on other sites
Did you ever get a resolution to this? This is exactly what I am trying to do with similar results.....

Thank you.

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.