Login with PHP - allow access to .htaccess protected directory

[AndrewJ1313]

I am trying to password protect a section of a web site. I have the login script written and it works fine, as do all of the document level restrictions. I want to be able to also restrict access to various image directories using .htaccess, which is also setup and working. My problem is I want my logged in users to be able to access these directories without having to enter another password.

 

Is there a way to pass the username/password to .htaccess with PHP avoiding the .htaccess popup?

 

I have trawled google for hours and was hoping someone here might have a thought or two.

 

Thanks to all,

Andrew

[TeddyKiller]

Well, assuming you have sessions set, you can check.

if(!isset($_SESSION['mysession132'])){ 
     if($_POST['submit']){
           if($_POST['password'] == 'my password') {
                $_SESSION['mysession132'] = sha1($_POST['password']);
           }
     }
    echo "<form action=\"\"><input type=\"password\" name=\"password\" /></form>";
}
else
{
?>
<div>
MY PAGE
</div>
<?php } ?>

 

Not tested, but you get the idea.

 

As for using .htaccess for this, don't ask me. I have no idea, it wouldn't be PHP I believe.

 

Note: Make sure a diferent session is created upon user login, either via loginform, or via the password protection form for a different protected page. So that users cant access the rest of the site via the session, just that page.

[jonsjava]

might want to look at PHP_AUTH

You would do something like this:

<?php
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['is_valid']) && $_SESSION['is_valid'] == true){
$_SERVER['PHP_AUTH_USER'] = $_SESSION['username'];
$_SERVER['PHP_AUTH_PW'] = $_SESSION['password'];
}

This isn't well thought out code, but it should get you on the right path.

[TeddyKiller]

might want to look at PHP_AUTH

You would do something like this:

<?php
$_SERVER['PHP_AUTH_USER'] = $_SESSION['username'];
$_SERVER['PHP_AUTH_PW'] = $_SESSION['password'];

This isn't well thought out code, but it should get you on the right path.

 

What is $_SERVER exactly? Cookies are computer based, sessions are browser based, are servers.. basically database sessions or what?

[jonsjava]

Cookies and sessions are what your browser sends back to the server so it knows which session you are working from. All the actual data for the sessions and cookies are stored on the server, usually in the /tmp folder (if linux, and they have enough ram for that)

[TeddyKiller]

So why would you need to use $_SERVER['name'] ? Sorry if you answered it, I'm a newb.

[jonsjava]

Don't worry. I don't mind the questions. The fact you are asking the right questions says a lot about your intelligence (a compliment, btw)

 

Ok, $_SERVER are the server environment variables. Think of it this way:

 

In Windows, you have environment variables. Don't believe me? well, check this out:

Go to Start-->Right click on My Computer-->Properties

If you are like me, and running windows 7, you would then click on "Advanced System Settings" on the left. Windows XP, you go to "Advanced", I think.

Click on "Environment Variables..."

 

 

All systems have enviousness variables. It allows the system to know how much RAM to allocate, the path to common applications, and more.

Well, most well-built applications have the same, so you can configure them yourself.  Apache has quite a few.  They tell the server what user to run the application/script as, where to store temp files, where to store session data, and more.  By setting $_SERVER['PHP_AUTH_USER'], it is telling Apache to set the REMOTE_USER to the user who has authenticated with the given credentials via PHP.  I'm mucking it up, but I'll gladly answer any other questions this causes you to pose.

 

[jmajeremy]

So why would you need to use $_SERVER['name'] ? Sorry if you answered it, I'm a newb.

 

So why would you need to use $_SERVER['name'] ? Sorry if you answered it, I'm a newb.

 

Any of the variables like $_POST, $_GET, and $_SERVER are called "superglobals," because they are automatically set by PHP, and contain arrays of information about the environment. While $_GET, $_POST, $_COOKIE, and $_REQUEST contain information about the querystring, post data and cookies respectively, $_SERVER just contains generaly information about the operating environment, both on the server side and client side. For example, $_SERVER['REQUEST_URI'] always contains the current URI.

 

To get a better idea of it, look at the PHP manual page on $_SERVER (http://php.net/manual/en/reserved.variables.server.php).

Also, I would suggest running the following script, so you can see what the actual values would be, and get a better sense of how you could use them:

<?php
header('Content-type: text/plain');
print_r($_SESSION);
?>

[TeddyKiller]

Also, I would suggest running the following script, so you can see what the actual values would be, and get a better sense of how you could use them:

<?php
header('Content-type: text/plain');
print_r($_SESSION);
?>

 

Which wouldn't work anyway without "session_start();" heh.

I'll read up on the article. Thanks.