Results 1 to 7 of 7

Thread: Using PHP to access a file protected by .htpasswd

  1. #1

    Using PHP to access a file protected by .htpasswd

    Hey guys,

    Is there a way to use PHP to redirect to a page that's in a folder protected by .htpasswd, without the user having to enter any info?

    Basically, I have a bunch of database function PHP files, all within a folder protected by .htpasswd. I want to be able to access one of those files' functions through ajax from a public page. I'm thinking I could create an intermediary PHP page that the ajax accesses, that has the username and password hard-coded into it somehow, which would allow it to pull info from the .htpasswd-protected file(s).

    Does that make sense? Any idea how I'd go about this?

    Any security issues I should watch out for? For instance, once that protected file was accessed, would a user then be able to just go into any protected file they wanted after that (like when you already enter the username and password once, and you aren't prompted again as long as your browser stays open)?

    Thanks
    Proud Montanadian
    You want a toe? I can get you a toe... Hell, I can get you a toe by three o'clock this afternoon, with nail polish.

  2. #2
    icio's Avatar
    3,810
    posts
    looks better in lowercase
    "60% of the time it works... every time." -- Paul Rudd as Brian Fantana.

  3. #3
    I'll check it out - thanks icio
    Proud Montanadian
    You want a toe? I can get you a toe... Hell, I can get you a toe by three o'clock this afternoon, with nail polish.

  4. #4
    Seems like everything I could find on that topic is all about checking the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables, and allowing login based on if they're already set. I'm trying to set those variables with PHP, so that the script can access very specific areas of the protected site without the user actually knowing the username and password. I've tried just setting those variables with PHP, but it still prompts me for the username and password. Any ideas?
    Proud Montanadian
    You want a toe? I can get you a toe... Hell, I can get you a toe by three o'clock this afternoon, with nail polish.

  5. #5
    icio's Avatar
    3,810
    posts
    looks better in lowercase
    Hm, I can't find any further information on the subject and it's never something that I've had to use. I did come across mod_auth_cookie, however.
    "60% of the time it works... every time." -- Paul Rudd as Brian Fantana.

  6. #6
    That looks interesting, I'll see if that gets me somewhere... Thanks again icio
    Proud Montanadian
    You want a toe? I can get you a toe... Hell, I can get you a toe by three o'clock this afternoon, with nail polish.

  7. #7
    It seems like you'd need to figure out how to get the client to redirect and then, once it's accessing the redirect destination, send the HTTP basic auth. (or whatever HTTP auth. scheme) headers.
    COLOURlovers | Member #2 of the kirupa XBox 360 Club
    "I think most people would agree that your computer breaking is a Christmas miracle." ~shane-c to Timmytots

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012