AbydosGater Posted June 21, 2007 Share Posted June 21, 2007 Hey Guys, This is probs the wrong place to ask this but it seams to suit the question best. I have tried using a sniffer but i cant find them, Does anyone know the headers that are sent to a server for a HTTP Auth (.htaccess login)? As in if i fill in the popup with username and pass and click login.. What headers does the browser send to the server? Thanks Quote Link to comment Share on other sites More sharing options...
AbydosGater Posted June 21, 2007 Author Share Posted June 21, 2007 Ok, Im replying to this as i dont have a modify button anymore.. I have found a section on the HTTP that says: user-pass = userid ":" password userid = *<TEXT excluding ":"> password = *TEXT Userids might be case sensitive. If the user agent wishes to send the userid "Aladdin" and password "open sesame", it would use the following header field: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== I found that http://www.ietf.org/rfc/rfc2617.txt <-- Here under [Page 5].. So if i read that correct.. to login you have to send the header: Authorization: Basic **Encrypted Details Here** And the encrypted details should be user:password.. If i am correct.. what method is used to encrypted the details? Andy Quote Link to comment Share on other sites More sharing options...
steviewdr Posted June 22, 2007 Share Posted June 22, 2007 This might be a suitable article for you to read: http://www.sitepoint.com/article/http-authentication-php As for "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" Im not sure. I havnt seen the user name MD5'd for htaccess. The application htpasswd generates password hashes for apache. -steve Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.