|
|
Posted by Roman Stφckl-Schmidt on 09/29/93 11:11
Richard Lynch wrote:
> You can always add more .htaccess files in more directories, or edit the
> one that's there.
And that's precisely what I did. The only reason why I only have
..htaccess in the top-level directory is that I don't have any directives
specific to one subdomain that the others shouldn't use and according to
the apache docs when requesting a file apache looks in every
higher-level directory for .htaccess as well.
>>The fact that the uid of the script is appended to the realm specified
>>shouldn't require any changes in the code, or should it?
>
>
> No. It would only invalidate any "saved" logins or passwords from the old
> realm being managed by the browser.
>
> Different realm == different login/credentials needed.
Thanks for that info, seems my understanding of the matter is not as for
off as I thought it to be although I've read your posting saying you
only got to know the specifics through years of practice.
> That's your ISP being silly, not PHP 4.3.10 "changing"
That's what I thought.
> That said, HTTP Authentication WILL NOT WORK with CGI.
>
> It is disabled in PHP source because, because your password would be
> transmitted insecurely from Apache to PHP, and the PHP Team is not willing
> to do that for obvious reasons.
>
> Get your host to go back to PHP as Module, or switch to a form login.
I already contacted their support asking them to at least have PHP5
built as a module when they'll upgrade. I'm not to happy with their
support anyways, responses are fast but they've never told me anything I
hadn't known before asking them.
I've moved from trying to use HTTP based authentication-methods to php
sessions and html-form based authentication, it's much more configurable
especially visual-design-wise and wasn't half as challenging to
implement as I'd expected. Don't you just love when you teach yourself
something new and can use it to do what you want to, and it actually works.
Okay, enough chatting. I just wanted to thank you for your answers
Richard, very helpful and informative.
Cheers from germany, Roman.
P.S.:
> WILD GUESS:
>
> $_SERVER['REMOTE_PASSWORD']
>
> ???
Nope, tried dumping $_SERVER, $_ENV and $_REQUEST upon cancelling the
authentication, nothing useful in there. It says in a comment to the
manual that the authdata is in $_SERVER['REMOTE_USER'] and you can
either base64_transcode it (or whatever the function is called) or use
apache's ModRewrite but I can't confirm that, maybe the person that
suggested it was using apache2, in any case it didn't work.
Navigation:
[Reply to this message]
|