Cpanel Password Protected Directory Access

[chiefboz]

Hello once again!

 

On my server there exists a directory that I have used cPanel to protect (as it has some pdf files I want to keep from unauthorized users). For our purposes, let's say the directory is named "secure", the realm is "zone", and I have created a user with the name "Aladdin" and the password "magicwand". These are not real values, but let's just pretend they are.

 

Here's what I want to have happen:

1. User logs in to site account system (which I've built).
   
2. User visits a page, say authorize.php, which essentially authorizes the user to the secure directory.
   
3. User is redirected to secure/index.php without needing to enter a username and password.
   

Is this possible?

 

Here is my (modified) authorize.php file.

 

<?php

// perform login check (Is the user logged in to a site account?) - if yes, sets $loggedin to true

if($loggedin) {
$permission = $row['math']; // Retrieve permission from the database.
if($permission == 0) { // If the user's account has not been authorized...
header('Location: index.php?permissionDenied=true'); // redirect them to the main page and inform them
} else {
// You have permission! Proceed!
header('Authorization: Basic '.base64_encode('Aladdin:magicwand'));
header('Location: secure/index.php'); // obviously substituting in the full URL of the index page.
}
}

With this code, the user is still prompted for the credentials of realm "zone" at secure/.

 

Thanks for your help!

[requinix]

It's not. You can't authenticate on behalf of the browser and you can't tell the browser what the credentials are (short of putting them in the URL which is a bad idea).

 

If you want to automatically authenticate people then you'll need to write/find something to let you do that, and it won't involve the server built-in authentication. Though you can store the credentials in a .htpasswd file if you so wish (so long as you don't use it to lock down the directory in Apache).