.htaccess & PHP


3 replies to this topic

#1 Janus13


Posted 24 October 2006 - 01:06 AM

This question could be asked in two different places on the forum so I'm going to post it in both - mods, I hope that's ok.

I'm trying to figure out if it's possible to get PHP and Apache .htaccess to work together to achieve a single sign on. I have a directory security program I have written to protect directories on apache servers so it's more flexible than just having to manually create password files and use .htaccess. At the moment I have to have it display two different login boxes. The first one is a php page that has a login form, then compares the form information to a mysql database for authentication. If successful then it sends the user to the protected directory, and if that directory has a .htaccess file and rule setup for a password file it prompts again for user credentials. What I want to do is figure out a way to pass the php login information to Apache so it will accept that as login credentials and not prompt the second time. Is this possible?

Thanks for any help! I can't imagine I'm the first to want to do this, so hopefully someone has some ideas.

#2 R_P


Posted 24 October 2006 - 02:51 PM

One way to get PHP and Apache talking to each other is through Apache's environmental variables and PHP's Apache-specific functions (see links for reference). I'm assuming you have Apache 2, but it should work the same in 1.3. What I would try is once a user has logged in, use apache_setenv() in this manner:

   // Third argument is the walk_to_top flag (a boolean); the value is passed as a string.
   apache_setenv("DISABLE_HTA", "1", true);
 

Then in your httpd file, change your AccessFileName directive to something like this:

   AccessFileName .htaccess env=!DISABLE_HTA
 

In theory this should disable .htaccess across the entire server when the first block of code is used, although I've never tried it  ;D . If you want to disable .htaccess for just a specific directory, you could create a new <directory> block in your httpd file for each folder and define different environmental variables to set them apart. You also might be able to use the conditional statement (env=!DISABLE_HTA) in the .htaccess files themselves. Tell me how it works for you and if you need further guidance. Again, I've never tried this technique but it's an interesting application.
Pro in: Win2K3S | Apache2 | PHP5 | Perl5 | MySQL | MSSQL | Firefox | Photoshop
Student of: Ubuntu6 | Java | C | VB.NET | ASP.NET
Developer: Roddzilla Webstudios, Burrson CG, DVIDSHUB, The Four Nations
Student: Georgia Tech, Georgia Tech College of Computing

#3 Janus13


Posted 28 October 2006 - 01:34 AM

Oh, it's not that I want to disable .htaccess support, I know how to do that, but rather I want to use both htaccess and php/db password comparison together in a single sign on type setup. To me it would be the most secure way to do it, but from what I can tell it isn't possible the way I envision it.

#4 R_P


Posted 30 October 2006 - 11:00 PM

But wouldn't that accomplish the same thing? I understand in principle it isn't, but technically disabling protection is the same as authenticating. And you would only be disabling .htaccess on a per-user, per-session, per-directory (potentially) basis.

On another note take a look at this. I think this may be closer to what you're looking for:

HTTP authentication with PHP

Pro in: Win2K3S | Apache2 | PHP5 | Perl5 | MySQL | MSSQL | Firefox | Photoshop
Student of: Ubuntu6 | Java | C | VB.NET | ASP.NET
Developer: Roddzilla Webstudios, Burrson CG, DVIDSHUB, The Four Nations
Student: Georgia Tech, Georgia Tech College of Computing
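
A sketch of the "HTTP authentication with PHP" approach mentioned in the last post, added here as an example and not code from the thread: the browser's single Basic-auth prompt is checked by PHP against stored password hashes, so no .htaccess password file is involved. The `lookup_hash()` helper, the `demo` user and its password are constructed stand-ins for the MySQL lookup.

```php
<?php
// Added example (not from the thread): one Basic-auth prompt, verified in PHP.

// Constructed stand-in for the MySQL user table: username => password hash.
// In a real deployment, fetch the hash with a prepared statement instead.
function lookup_hash(string $user): ?string
{
    static $users = null;
    if ($users === null) {
        $users = ['demo' => password_hash('constructed-password', PASSWORD_DEFAULT)];
    }
    return $users[$user] ?? null;
}

function credentials_valid(?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false; // no Authorization header was sent
    }
    $hash = lookup_hash($user);

    // Always run password_verify(), even for unknown users, so response
    // timing does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy-value', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $hash ?? $dummy);

    return $ok && $hash !== null;
}

// PHP fills these in when the request carries "Authorization: Basic ...".
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

if (!credentials_valid($user, $pass)) {
    // Ask the browser to show its login dialog (again).
    header('WWW-Authenticate: Basic realm="Protected area"');
    http_response_code(401);
    exit('Authentication required.');
}

echo 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Basic credentials are resent with every request, so serve this only over HTTPS. The check covers only requests handled by this script; static files in the directory are not protected by it unless they are served through PHP.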



