Apache Authentication Handler in PHP

[r8ed]

Hi.  I created a handler in my .htaccess file that runs a php script to authenticate users for all documents below a directory.  It pops up an apache username/password window and then compares the credentials to a username/password file.  If it passes, then a session cookie is written to the browser.  If it fails, a counter is updated in the user file and they are authenticated again.  After 5 times, they are locked out.  This works fine for HTML files.  However, there are php files in that directory too.  This is where I have an issue. 

In my PHP code I just take the originally requested file and print it out by doing readfile().  If I do this to a PHP file, it tries to print to the browser without actually running the php.  Basically attempts to print the code to the browser instead of running it.  I tried many ways of outputting the data from the PHP but it does not work.

Can any suggest a way to have this code do authentication and then pass back control to apache to handle/translate the document?  Or maybe another suggestion to make this work?

The reason I did it this way is because we have a third party product that pings the server constantly to show "real-time" status.  This causes authentication every time and causes the user file to be in a read state at all times.  When a real user goes to log in, they can potentially get locked out, especially when many users are on the site...or if two people are on the real-time page.  We were using mod_auth, which controlled the authentication.  I thought writing this quick php would fix it but I ran into the issue above.

Thank you for any help.

[Daniel0]

You could configure Apache to treat .html files as PHP files.

[r8ed]

[quote author=Daniel0 link=topic=121570.msg500102#msg500102 date=1168296450]
You could configure Apache to treat .html files as PHP files.
[/quote]
I'm not sure if my description was clear.  What will this buy me?

I have to protect html, php, jsp ... anything in my admin directory.  So, I need something to step in when somebody accesses a page to validate them and if they are valid, let them see the page.  I did so by adding a handler to apache.  I wrote it in PHP because that language is supported out of the box by our server configuration.  I don't want to add code to every page on the server, especially since most of it isn't mine.

[sloshire1]

The simplest way out that I can see is to test the extension of the file.  If it is an html file, print it out.  If it is a PHP file, include it.  Just make sure that there aren't any conflicting variables in your auth script and you should be fine.

Hope this helps.

[r8ed]

[quote author=sloshire1 link=topic=121570.msg500117#msg500117 date=1168297130]
The simplest way out that I can see is to test the extension of the file.  If it is an html file, print it out.  If it is a PHP file, include it.  Just make sure that there aren't any conflicting variables in your auth script and you should be fine.

Hope this helps.

[/quote]
Um...yeah that worked!!!!!!!!!!  Thank you for your help.  I don't know PHP or apache very well - just picked.  I didn't know there was "include".  I don't even have to check the extension either.  It displays HTML fine.  Thanks again.  Can't believe it was that simple.