Reply to Re: Protecting a whole directory - PHP Authentication — PHP Programming Language

Posted by gosha bine on 08/25/07 17:04

Jerry Stuckle wrote:
> gosha bine wrote:
>> Jerry Stuckle wrote:
>>> Álvaro G. Vicario wrote:
>>>> rogerjames1@googlemail.com escribió:
>>>>> Was going to use .htaccess but I'd require a better user management
>>>>> with MySQL database, registeration page, admin page, forgot password
>>>>> feature.
>>>>>
>>>>> Would coding a script that runs every minute and dumps user/pass to
>>>>> a .htpasswd file be too taxing on a high traffic site?
>>>>
>>>> There're several modules that provide HTTP authentication in Apache.
>>>> I'm not sure of which ones are usually available in hosting services
>>>> but I've used mod_auth_mysql for several years and it works fine:
>>>>
>>>> http://modauthmysql.sourceforge.net/
>>>>
>>>> However, you must be aware that you won't be able to use a custom
>>>> login form if you use HTTP authentication. Even if you validate an
>>>> user using a form, the browser won't know about it and will open its
>>>> own prompt and ask for credentials. I've never found an acceptable
>>>> workaround.
>>>>
>>>>
>>>>
>>>
>>> There isn't. HTTP authentication comes into play before any calls to
>>> the files themselves. Unfortunately, there's no way to tell the
>>> browser what to send for authentication credentials except through
>>> the HTTP authentication mechanism (i.e. no PHP or Javascript code can
>>> force it).
>>>
>>>
>>>
>>
>> Might want to read this
>>
>> http://www.php.net/manual/en/features.http-auth.php
>>
>>
>
> Yes, I'm familiar with it. And all you can do is send an "401
> Authentication Required" header.

No, just read it. You can send "WWW-Authenticate" and specify realm and
authentication type (basic, digest). You can also send the text that
will be shown if authentication fails.

>
> Additionally, you can get the authentication information from the
> $_SERVER variables.
>
> But there is no way you can force the browser to send authentication
> information from either PHP or javascript. And nothing in this
> contradicts my statement.

Your statement is fairly unclear. I fail to see the browser can "send"
anything "from PHP". Php is not something the browser is aware off (I
know, you're familiar with that fact).

>
> I've been developer/admin of mod_auth_mysql for several years, and
> thoroughly understand how it works. I suggest you reread the article
> and learn how HTTP authentication works.
>

Noone questions your skills. You take it too personally. ;)

--
gosha bine

extended php parser ~ http://code.google.com/p/pihipi
blok ~ http://www.tagarga.com/blok

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация