|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
January 11th, 2003, 08:46 PM
|
||||
|
||||
|
Protected Folders: Pass variables?
Hi.
I have a client area with protected folders. Is it possible to have an HTML form that somehow passes in the submitted username and password to the protected directory? I want to do this in order to avoid the browser-dependent-and-ugly login prompt. (I chose the protected folder method of making the client area over the PHP-mySQL-cookie way.) Thanks Mikhail
|
|
#2
January 12th, 2003, 03:10 PM
|
|||
|
|||
|
yes, the syntax is:
http://username:password@www.yourdomain.com/ and should work with the htaccess mechanism. for a php login, if you accept GET variables you can use: http://www.yourdomain.com/protected/login.php?username=user&password=secret if the form fields are: <input type="text" name="username"> <input type="password" name="password">
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.
|
|
#3
January 12th, 2003, 05:58 PM
|
|||
|
|||
|
Hi,
Try useing coockies as with get strings you would end up with urls including the login and password and I wonder whether that would be something you were looking for. Somebody else could easily hijack your login and password by just standing behind you for instance. Just my .2 cents. Erik
|
|
#4
January 13th, 2003, 02:48 AM
|
|||
|
|||
|
for the username: password part, in newer browsers iirc the password is not displayed on the screen anymore.
but it will probably still be logged in proxys and maybe in the apache logs. pinocchi, password hijacking for "post" requests is not much harder...  only solution: use SSL!
|
|
#5
January 19th, 2003, 01:52 PM
|
||||
|
||||
|
Quote:
One little problem: When I type the user:password@... thing into my browser, it all works fine, but when I use header("Location: http://$user:$pass@clients.mikhailmarkin.com/$user"); it doesnt work, and the browser just gives me the login prompt box. For debugging purposes (and to test if I was submitting my credentials properly), I changed header to echo in my PHP file. It outputed the whole location:... thing, and when I copied the url part into the browser window, it worked fine... Any ideas? Last edited by mmarkin : January 19th, 2003 at 01:55 PM.
|
|
#6
January 19th, 2003, 02:26 PM
|
|||
|
|||
|
ideas?
once again i think about quitting web business  this is "just another browser bug"... switch to another and see if it works then... - it has to work with any browser - it will probably work with few - probably you are forced to use a form-based authentication instead. workaround: output this: Code:
<html><head> <meta http-equiv="refresh" content="1;url=http://user: password@www.domain.com"> </head><body></body></html> - it should work with most browsers - if a javascript-disabled browser does not follow meta-refresh´s, i call it "broken". (all IEs up to V5.5 are, in IE6 this is finally independent.) - for these, i supply a link "if your browser does not forward you..." - now you know why the many other pages on the web do it... ... sometimes i really hate my job ... edit: afaik authentication is done using headers. maybe you can modify the request headers to pre-authenticate a user. not sure if this is possible in php though. Last edited by M.Hirsch : January 19th, 2003 at 02:30 PM.
|
|
| Viewing: Dev Shed Forums > System Administration > Apache Development > Protected Folders: Pass variables? |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
