Using PHP to access a file protected by .htpasswd



shane-c
August 21st, 2009, 06:59 PM
Hey guys,

Is there a way to use PHP to redirect to a page that's in a folder protected by .htpasswd, without the user having to enter any info?

Basically, I have a bunch of database function PHP files, all within a folder protected by .htpasswd. I want to be able to access one of those files' functions through ajax from a public page. I'm thinking I could create an intermediary PHP page that the ajax accesses, that has the username and password hard-coded into it somehow, which would allow it to pull info from the .htpasswd-protected file(s).

Does that make sense? Any idea how I'd go about this?

Any security issues I should watch out for? For instance, once that protected file was accessed, would a user then be able to just go into any protected file they wanted after that (like when you already enter the username and password once, and you aren't prompted again as long as your browser stays open)?

Thanks :beer:

icio
August 24th, 2009, 05:38 AM
Perhaps this: http://php.net/manual/en/features.http-auth.php

shane-c
August 24th, 2009, 01:26 PM
I'll check it out - thanks icio :beer:

shane-c
August 26th, 2009, 05:38 PM
Seems like everything I could find on that topic is all about checking the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables, and allowing login based on if they're already set. I'm trying to set those variables with PHP, so that the script can access very specific areas of the protected site without the user actually knowing the username and password. I've tried just setting those variables with PHP, but it still prompts me for the username and password. Any ideas?

icio
August 26th, 2009, 07:20 PM
Hm, I can't find any further information on the subject and it's never something that I've had to use. I did come across mod_auth_cookie (http://modauthcookie.weebly.com/), however.

shane-c
August 28th, 2009, 12:56 PM
That looks interesting, I'll see if that gets me somewhere... Thanks again icio :beer:

Esherido
August 30th, 2009, 03:44 PM
It seems like you'd need to figure out how to get the client to redirect and then, once it's accessing the redirect destination, send the HTTP basic auth. (or whatever HTTP auth. scheme) headers.
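
The intermediary page described in the first post, as an added example that is not code from any poster in this thread: the public script makes the authenticated request server-side, so the browser never receives the credentials and gains no session for the rest of the protected folder. The base URL, action names, script names and environment variable names are all assumptions.

```php
<?php
// Added example: public proxy.php that the AJAX call targets instead of the protected folder.
// Assumed names (not from the thread): URL, actions, scripts, environment variables.
const ALLOWED_ACTIONS = [
    'list_items' => 'list_items.php',
    'get_item'   => 'get_item.php',
];
const PROTECTED_BASE = 'https://example.com/protected/'; // placeholder URL

function resolve_action($action): ?string
{
    // Exact-match allowlist: arrays, unknown names and path tricks all resolve to null.
    return is_string($action) ? (ALLOWED_ACTIONS[$action] ?? null) : null;
}

function fetch_protected(string $script, array $params): array
{
    // Credentials come from the server environment, not from the request or the page source.
    $user = getenv('PROTECTED_USER');
    $pass = getenv('PROTECTED_PASS');
    if ($user === false || $pass === false) {
        return [500, 'proxy not configured'];
    }
    $ch = curl_init(PROTECTED_BASE . $script . '?' . http_build_query($params));
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,   // sends the Authorization: Basic header
        CURLOPT_USERPWD        => $user . ':' . $pass,
        CURLOPT_FOLLOWLOCATION => false,            // never carry credentials to a redirect target
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    return $body === false ? [502, 'upstream error'] : [$status, $body];
}

$script = resolve_action($_GET['action'] ?? null);
if ($script === null) {
    http_response_code(404);
    exit('unknown action');
}
// Forward only the one parameter the action needs, coerced to an integer.
[$status, $body] = fetch_protected($script, ['id' => (int) ($_GET['id'] ?? 0)]);
http_response_code($status);
echo $body;
```

Anything reachable through the allowlist is effectively public, so the proxy should expose only functions that are safe for anonymous callers. Because .htpasswd protection applies only to HTTP requests, a script on the same server can also `require` the protected files from disk and skip the HTTP round trip.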