Jump to content


Photo

faking http auth


  • Please log in to reply
1 reply to this topic

#1 aunquarra

aunquarra
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts
  • LocationDallas, Texas

Posted 13 December 2005 - 03:36 AM

This seems to have been posted in the wrong section. I apologize. I have reposted it under PHP Help. The original post is here:
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--][!--sizeo:1--][span style=\"font-size:8pt;line-height:100%\"][!--/sizeo--]Hello all. This is my first post in this particular section, but I'm sure you guys will be as ever-helpful as the other folks have been, and for that, I thank you in advance.

Basically, my question is simple: is there a way for my php script to convince apache that an http auth procedure has already taken place?

I've built a session-based login system, passing a $_GET session_id() key around from page to page. It works pretty well, and after doing it on four separate sites now, I prefer it to using http auth. The main downside, though, is that with http auth, it's easy to see who is logged in by checking the apache logs (since the username is logged), and I can't do that with this system.

So, I'd like to somehow use my html login page rather than the pop-up http auth window, still base the whole login scheme on the mysql/sessions system it's on now, but tell apache that the username is $_SESSION['username'].

I've tried manually setting the $_SERVER['PHP_AUTH_USER'] var, etc., but of course, that information doesn't pass on to the next page, much less apache itself.

It may not be possible, but if it is, I know someone here will know how to do it. Thanks so much![/quote][!--sizec--][/span][!--/sizec--]

#2 aunquarra

aunquarra
  • Members
  • PipPipPip
  • Advanced Member
  • 41 posts
  • LocationDallas, Texas

Posted 14 December 2005 - 02:05 PM

Did I post this in the wrong section? Should this go under PHP Help?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users