Jump to content


Photo

PHP & .htaccess


  • Please log in to reply
2 replies to this topic

#1 Janus13

Janus13
  • Members
  • PipPipPip
  • Advanced Member
  • 54 posts

Posted 24 October 2006 - 01:05 AM

This question could be asked in two different places on the forum so I'm going to post it in both - mods, I hope that's ok.

I'm trying to figure out if it's possible to get PHP and Apache .htaccess to work together to achieve a single sign on.  I have a directory security program I have written to protect directories on apache servers so it's more flexible than just having to manually create password files and us .htaccess.  At the moment I have to have it display two different login boxes. The first one is a php page that has a login form, then compares the form information to a mysql database for authentication.  If successful then it sends the user to the protected directory, and if that directory has a .htaccess file and rule setup for a password file it prompts again for user credentials.  What I want to do is figure out a way to pass the php login information to Apache so it will accept that as login credentials and not prompt the second time.  Is this possible?

Thanks for any help! I can't imagine I'm the first to want to do this, so hopefully someone has some ideas.

#2 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 24 October 2006 - 08:12 AM

I don't think you are the first, and it can be done the other way around, .htaccess login info can be sent to a php page by using the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables.  I'm not sure about the other way though, passing values from php to .htaccess, maybe it's just a case of setting the values of those variables, so when apache looks for them, they're valid.

I'll test it.

Regards
Huggie

Note: That didn't work :(
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#3 Janus13

Janus13
  • Members
  • PipPipPip
  • Advanced Member
  • 54 posts

Posted 28 October 2006 - 02:14 AM

Ok so to get it to work then you'd have be able to overwrite the the globals for username and password, which as far as I can tell aren't possible.  So is there no way to do a SSO (Single Sign On) for Apache like you can for IIS?? I suppose you'd have to do it without .htaccess, but that's just not as secure, and for what I code for people they don't always know PHP so they can't rely on php security pages..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users