Re: Protecting a whole directory - PHP Authentication — PHP Programming Language

You are here: Re: Protecting a whole directory - PHP Authentication « PHP Programming Language « IT news, forums, messages

Posted by Jerry Stuckle on 08/25/07 14:34

gosha bine wrote:
> Jerry Stuckle wrote:
>> Álvaro G. Vicario wrote:
>>> rogerjames1@googlemail.com escribió:
>>>> Was going to use .htaccess but I'd require a better user management
>>>> with MySQL database, registeration page, admin page, forgot password
>>>> feature.
>>>>
>>>> Would coding a script that runs every minute and dumps user/pass to
>>>> a .htpasswd file be too taxing on a high traffic site?
>>>
>>> There're several modules that provide HTTP authentication in Apache.
>>> I'm not sure of which ones are usually available in hosting services
>>> but I've used mod_auth_mysql for several years and it works fine:
>>>
>>> http://modauthmysql.sourceforge.net/
>>>
>>> However, you must be aware that you won't be able to use a custom
>>> login form if you use HTTP authentication. Even if you validate an
>>> user using a form, the browser won't know about it and will open its
>>> own prompt and ask for credentials. I've never found an acceptable
>>> workaround.
>>>
>>>
>>>
>>
>> There isn't. HTTP authentication comes into play before any calls to
>> the files themselves. Unfortunately, there's no way to tell the
>> browser what to send for authentication credentials except through the
>> HTTP authentication mechanism (i.e. no PHP or Javascript code can
>> force it).
>>
>>
>>
>
> Might want to read this
>
> http://www.php.net/manual/en/features.http-auth.php
>
>

Yes, I'm familiar with it. And all you can do is send an "401
Authentication Required" header.

Additionally, you can get the authentication information from the
$_SERVER variables.

But there is no way you can force the browser to send authentication
information from either PHP or javascript. And nothing in this
contradicts my statement.

I've been developer/admin of mod_auth_mysql for several years, and
thoroughly understand how it works. I suggest you reread the article
and learn how HTTP authentication works.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Navigation:

Next in forum: Re: Protecting a whole directory - PHP Authentication
Prev in forum: Re: "PHP Users" include issue
Thread view: Re: Protecting a whole directory - PHP Authentication

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация