PHP Auto-Login to an htaccess secured site

[p2grace]

Hi,

 

I have a huge series of htm files that are generated by a product that I want to put on a site secured with htaccess.  This part is simple. 

 

The problem is the users who have access to this site are in a database that is encrypted with an algorithm.  So I need to use php to authenticate the user, and if the user is accepted put the htaccess username and password in the header and redirect to the htaccess secured area.  The folder that is secured with an htaccess file has just one username and password, because the php system itself will be logging into it after it has validated a user.

 

Any ideas how to make this work?

 

Any help would be appreciated!

 

Thank you!

[DyslexicDog]

If you are going to create a php script to login the user. Why not just set a cooking and include a script to check to see if your user is logged in when accessing your htm files?

[p2grace]

Because that would involve editing each htm file, all 975,000 of them

[premiso]

Here is a dumb question...Why not just have PHP retrieve the file for the user?

 

www.php.net/readfile

 

using headers to display it as htm

 

www.php.net/header

 

That way when they login you simply run this script to go fetch the content of the .htm file and either display it to the browser like he is viewing that file or make it download able to the user...

 

That seems alot easier imo.

 

EDIT:

On that note even www.php.net/file_get_contents would work too.

[tinker]

Because that would involve editing each htm file, all 975,000 of them

 

If it comes to it, look at awk...

[p2grace]

Premiso actually gave a good idea, instead of redirecting to the secure site... i'll just include the index file from the secured site.  That way the directory is still secure, and I don't have to redirect.

 

I'll give it a try and let you know if it works.

 

Thank you for all of your help so far!

[premiso]

Well something good came from me today lol. Anyhow if you need help getting it to work let me know. I have the idea and code all in my head, it's just a matter of taking 10min or so to write it out.

[p2grace]

One problem I'm running into is that the links are relative, so if I just include the file it breaks the relative links.

 

Still working on figuring this out.

[premiso]

Ok, here is how I have it imagined:

Basically you use a 3rd party file, we will call getfile.php. This file will check session or a cookie value that was set when logged in. The user is redirected to this page once logged in and using session and or cookies a file can be retrieved

<?php
// make sure the user should be here checking cookies etc
if (authorized()) {
    // $_SESSION['file'] needs to be formated with relative to the file so '/directory/html1/index.htm'
    if (isset($_SESSION['file'])) {
        $getfile = file_get_contents($_SESSION['file']);
        echo $getfile;
   }
}

?>

 

Hope that gets you rolling.

[p2grace]

I just tried it and it does the same thing an include would do.  The problem is that the index.htm file calls many other files, and those files call other files, and they're all relative links. 

 

So the problem is that the links break because the directories change.

 

Any ideas?

[premiso]

Does your server parse .htm as php so when you say includes many files like the actual www.php.net/include? If not try <base href="http://www.linktodirectory"> added to the output. Kinda rushed I will check later with you.

[p2grace]

Alright the base tricks works perfectly if the folder isn't secured, but since it is secured it just keeps prompting for that folder's username and password.

[premiso]

Ok, I am probing at nothing here just getting a feel for the system. For each index.htm file you have, are the files referenced from it all different for each one? Or is it a generic Stylesheet/images etc? If it is generic you may be able to put them in a central location outside of the secured directory.

 

If not, then if you want to do a redirect for the user this is how the url needs to be formatted:

http://MyUsername:Mypassword@www.mydomain.com/myprotecteddir/

 

The only issue is that anyone viewing the person's web history can essentially gain access to the secured directory. Other then short of re-designing your system thats your only options from what I know.

[p2grace]

Hmm I can't expose the username and password like that, I'll have to come up with something different.  I appreciate all of your help on this.