Authentication. Give script access?

[lindm]

I have a page password protected with the following code (if you see any improvements please also comment..) below. On my site I also have a pdf conversion script (php) which I want to have access to the password protected page. Is there a safe way to arrange this,in other words perhaps let the pdf script skip the password protection function?

 

Code

<?php

if(!isset($_SERVER["PHP_AUTH_USER"])){
    Header("WWW-Authenticate: Basic realm=\"Restricted Access\"");
    Header("HTTP/1.1 401 Unauthorized");
    echo "Authorization missing.";
    exit();
}

$host="xxx.com";
$user="xxx";
$pass="xxx";
$db="xxx";
$table="xxx";
$validate=FALSE;
$path = explode("/", getcwd());
$userName=$path[count($path)-1]; //Username is the current folder

$con = mysql_pconnect ("$host", "$user", "$pass") or die("Error: " . mysql_error());
mysql_select_db ("$db");
$result = mysql_query("SELECT * FROM $table Where userName = $userName");
$row = mysql_fetch_array($result);

if (($_SERVER["PHP_AUTH_USER"]==$userName)&&($_SERVER["PHP_AUTH_PW"]==$row["userPass"])) {$validate=TRUE;} 
mysql_close();

if ($validate==FALSE){
    Header("WWW-Authenticate: Basic realm=\"Restricted Access\"");
    Header("HTTP/1.1 401 Unauthorized");
    echo "Authorization missing.";
    exit();
}
?>
HTML CODE BELOW

 

[blackcell]

You can use .htaccess with .htpasswd files and I think it will cut down on the amount of actual coding goes into your page.  I use .htpasswd on a few things and actually wrote subroutines to go into an interface to view/manage passwords to different areas of an intra-net site.  Just a consideration.