Jump to content

Archived

This topic is now archived and is closed to further replies.

aunquarra

faking http auth

Recommended Posts

This seems to have been posted in the wrong section. I apologize. I have reposted it under PHP Help. The original post is here:

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--][!--sizeo:1--][span style=\"font-size:8pt;line-height:100%\"][!--/sizeo--]Hello all. This is my first post in this particular section, but I'm sure you guys will be as ever-helpful as the other folks have been, and for that, I thank you in advance.

 

Basically, my question is simple: is there a way for my php script to convince apache that an http auth procedure has already taken place?

 

I've built a session-based login system, passing a $_GET session_id() key around from page to page. It works pretty well, and after doing it on four separate sites now, I prefer it to using http auth. The main downside, though, is that with http auth, it's easy to see who is logged in by checking the apache logs (since the username is logged), and I can't do that with this system.

 

So, I'd like to somehow use my html login page rather than the pop-up http auth window, still base the whole login scheme on the mysql/sessions system it's on now, but tell apache that the username is $_SESSION['username'].

 

I've tried manually setting the $_SERVER['PHP_AUTH_USER'] var, etc., but of course, that information doesn't pass on to the next page, much less apache itself.

 

It may not be possible, but if it is, I know someone here will know how to do it. Thanks so much!

[!--sizec--][/span][!--/sizec--]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.