Jump to content

PHP Auto-Login to an htaccess secured site

p2grace

By p2grace
in PHP Coding Help

Recommended Posts

p2grace Newbie

p2grace

Posted
Posted

Hi,

 

I have a huge series of htm files that are generated by a product that I want to put on a site secured with htaccess.  This part is simple. 

 

The problem is the users who have access to this site are in a database that is encrypted with an algorithm.  So I need to use php to authenticate the user, and if the user is accepted put the htaccess username and password in the header and redirect to the htaccess secured area.  The folder that is secured with an htaccess file has just one username and password, because the php system itself will be logging into it after it has validated a user.

 

Any ideas how to make this work?

 

Any help would be appreciated!

 

Thank you!

premiso Regular Member

premiso

Posted
Posted

Here is a dumb question...Why not just have PHP retrieve the file for the user?

 

www.php.net/readfile

 

using headers to display it as htm

 

www.php.net/header

 

That way when they login you simply run this script to go fetch the content of the .htm file and either display it to the browser like he is viewing that file or make it download able to the user...

 

That seems alot easier imo.

 

EDIT:

On that note even www.php.net/file_get_contents would work too.

p2grace Newbie

p2grace

Posted
  • Author
Posted

Premiso actually gave a good idea, instead of redirecting to the secure site... i'll just include the index file from the secured site.  That way the directory is still secure, and I don't have to redirect.

 

I'll give it a try and let you know if it works.

 

Thank you for all of your help so far!

premiso Regular Member

premiso

Posted
Posted

Ok, here is how I have it imagined:

Basically you use a 3rd party file, we will call getfile.php. This file will check session or a cookie value that was set when logged in. The user is redirected to this page once logged in and using session and or cookies a file can be retrieved

<?php
// make sure the user should be here checking cookies etc
if (authorized()) {
    // $_SESSION['file'] needs to be formated with relative to the file so '/directory/html1/index.htm'
    if (isset($_SESSION['file'])) {
        $getfile = file_get_contents($_SESSION['file']);
        echo $getfile;
   }
}

?>

 

Hope that gets you rolling.

p2grace Newbie

p2grace

Posted
  • Author
Posted

I just tried it and it does the same thing an include would do.  The problem is that the index.htm file calls many other files, and those files call other files, and they're all relative links. 

 

So the problem is that the links break because the directories change.

 

Any ideas?

premiso Regular Member

premiso

Posted
Posted

Ok, I am probing at nothing here just getting a feel for the system. For each index.htm file you have, are the files referenced from it all different for each one? Or is it a generic Stylesheet/images etc? If it is generic you may be able to put them in a central location outside of the secured directory.

 

If not, then if you want to do a redirect for the user this is how the url needs to be formatted:

http://MyUsername:[email protected]/myprotecteddir/

 

The only issue is that anyone viewing the person's web history can essentially gain access to the secured directory. Other then short of re-designing your system thats your only options from what I know.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.