Reply to Re: HTTPS & PHP

Your name:

Reply:


Posted by Alvaro G Vicario on 10/05/63 11:16

*** Troot wrote/escribió (18 May 2005 10:02:19 -0700):
> The flash bit doesn't really matter, I'll just use that to post/get
> variables to php. I know theres a variable in php called $AUTH_USER_PW
> (or something like that). What I'm wondering is if I can do something
> like this:
>
> <?php
> $_SERVER['PHP_AUTH_USER']=$some_variable_passed_in;
> $_SERVER['PHP_AUTH_PW']=$some_other_variable_passed_in;
> ?>

Alright, apparently you're using HTTP authentication. This has nothing to
do with HTTPS/SSL, which is merely an encrypted channel for sensitive
information. This is how it works:

1) User asks for a document.
2) Server software checks if credentials are needed.
2.1) If not needed: page is served.
2.2) If needed: server software checks whether credentials were provided
in request headers.
2.2.1) If provided and username+password are valid: page is served
2.2.2) Else "auth required" message is returned to browser

Browsers handle HTTP auth internally: that means that if a browser gets the
"auth required" message it will *always* display a dialog for user enter
them. This is the key point.

Why? Because Apache itself will only create the PHP_AUTH_* variables if
browser sends credentials. And browser only sends credentials if entered in
its built-in dialog. You cannot use a custom HTML form (or Flash form).

Alternatives? You can use your own server software (that's it, a custom PHP
script rather than letting the task to Apache). The only issue is that this
system won't allow you to access anything that's not PHP: images,
stylesheets, PDFs... To make it worse, if the PHP script itself is
protected by Apache then it won't work: browser will always prompt user.

I guess 'maybe' you can share password files between your ISP's system and
yours, but you probably must write your own system to use them.


--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация