Posted by Dan Trainor on 10/23/05 03:32

Richard Lynch wrote:
> You USED to be able to do that by putting
>
> http://username:password@example.com
>
> but then Microsoft, in its infinite wisdom, decided that was a
> "security risk" and stopped supporting it.
>
> AFAIK, there's no way to SET the USER/PASS from server to browser...
>
> Hmmmm.
>
> You could maybe use cURL to login, then pass back all the responses to
> the browser, and then the headers that make them be "logged in" would
> work for both your login and their .htaccess.
>
> The PHP Form and HTTP Auth part of all this for your first login is
> documented right in the manual, so you needn't strain your brain on
> that bit.
>

Thanks for the response, Richard -

However, I'm not looking to insert usernames or passwords into the
client browser. I'm simply looking for a way to have apache totally
ignore all AuthConfig information if the user has already authenticated
to the system using some PHP form hackery.

I think I found a solution here that I'm going to play with.

Thanks
-dant

• Next in forum: Re: [PHP] Ugh, w32 anything is making me want to drink!
• Prev in forum: Re: [PHP] Re: file_exists()
• Thread view: Re: [PHP] Using PHP-based form authentication, circumventing existing Apache .htaccess "require valid-user"

[Reply to this message]