#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Posts
    36
    Rep Power
    14
    Thanks to everyone that has responded to my questions in the past. When a user enters their name and password dose htaccess return the username as a veriable that can be used to identify the user and be passed to php. If so where can I get more info on htaccess.

    ------------------
    Thanks Dr.E.L.
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>dose htaccess return the username as a veriable

    htaccess doesn't but REMOTE_USER does

    >>that can be used to identify the user and be passed to php

    Yes, but you need to protect your php file(s) as well. Otherwise, REMOTE_USER won't give you a value.

    >>If so where can I get more info on htaccess

    You shouldn't rely on REMOTE_USER. Instead, with PHP, you should use session.

    If you insist on using htaccess to protect your files, and let say you want to protect some but not all the files in a particular directory, place this .htaccess in there:

    <FilesMatch "a.php|b.php|c.php">
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /path/to/one/common/.htpasswd
    require valid-user
    </FilesMatch>

    This way, a.php, b.php and c.php can get the value of REMOTE_USER as well as the authentication. Note, they will get login prompt only once per browser session.

    [This message has been edited by freebsd (edited June 20, 2000).]
  4. #3
  5. No Profile Picture
    Robert_J_Sherman
    Guest
    Devshed Newbie (0 - 499 posts)
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by freebsd:
    <FilesMatch "a.php|b.php|c.php">
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /path/to/one/common/.htpasswd
    require valid-user
    </FilesMatch>
    [/quote]

    Now, this is interesting, and I'm wondering how you would apply a "LIMIT" to this?

    would the limit statement surround the "filesMatcH' or go inside it?



    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.
  6. #4
  7. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>surround the "filesMatcH' or go inside it?

    Go inside it.

    <FilesMatch "a.php|b.php|c.php">
    <Limit POST PUT HEAD DELETE>
    Order deny,allow
    Deny from all
    </Limit>
    <Limit GET>
    Order allow,deny
    Allow from all
    </Limit>
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /path/to/one/common/.htpasswd
    require valid-user
    </FilesMatch>

    This deny POST PUT HEAD DELETE but allow GET and others. This is just an example, the <Limit GET> doesn't make much sense. So you should put as many methods to the DENY block as possible.

    [This message has been edited by freebsd (edited June 20, 2000).]
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Posts
    36
    Rep Power
    14
    Thanks for the reply. Let me clearify what I want to do. I have a dir that is protected by htaccess with the php files that I want protected. There are a limited number of users that will have access. When someone logs in I want to retreive some data from the login name to use with the php to send them to the corect page etc.

    ------------------
    Thanks Dr.E.L.
  10. #6
  11. No Profile Picture
    Robert_J_Sherman
    Guest
    Devshed Newbie (0 - 499 posts)
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by freebsd:
    >>surround the "filesMatcH' or go inside it?

    Go inside it.

    [This message has been edited by freebsd (edited June 20, 2000).]
    [/quote]

    Let me throw this one at you. What if you wanted to protect the document in the root directory (via password) but you wanted to allow access to a "sub directory", like via a sub domain?

    I only ask, because I recently went threw this, and couldn't find a solution, I scrummed through the Documentation on Apache's site, but just couldn't find an answer.

    Granted, with PHP a single document can be set to 401. Which makes things even more smooth.

    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.
  12. #7
  13. No Profile Picture
    Robert_J_Sherman
    Guest
    Devshed Newbie (0 - 499 posts)
    <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>Originally posted by Dr_E_lectric:
    Thanks for the reply. Let me clearify what I want to do. I have a dir that is protected by htaccess with the php files that I want protected. There are a limited number of users that will have access. When someone logs in I want to retreive some data from the login name to use with the php to send them to the corect page etc.
    [/quote]

    If it were me, I think I would set up an access database, and at "login" an id match be made and a "location: [their page]" be used, this would pretty easily solve the problem.



    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.
  14. #8
  15. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>What if you wanted to protect the document in the root
    >>directory (via password) but you wanted to allow access
    >>to a "sub directory"

    Use "LocationMatch" instead of "FilesMatch".
    Whatif I used FilesMatch, all the a.php, b.php and c.php in subdirectories under the root directory would also require authentication.
    I used FilesMatch as an example earlier cause .htaccess accept this directive while LocationMatch needs to alter httpd.conf file.

    <LocationMatch ^/(a|b|c).php$>
    <Limit GET>
    Order allow,deny
    Allow from all
    </Limit>
    <Limit POST PUT HEAD DELETE>
    Order deny,allow
    Deny from all
    </Limit>
    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /path/to/one/common/.htpasswd
    require valid-user
    </LocationMatch>

    In this example, http://www.foo.com/a.php http://www.foo.com/b.php http://www.foo.com/c.php
    would require authentication.
    http://www.foo.com/any_others.php http://www.foo.com/subdir/a.php
    would not require authentication. In addition, this two can't get a value of REMOTE_USER.

    #############################################

    Dr_E_lectric,

    >>When someone logs in I want to retreive some data
    >>from the login name

    As I mentioned previously, REMOTE_USER will give you the username of your member. Be sure to protect the appropriate files.

    >>I have a dir that is protected by htaccess
    For a single directory, simply place this .htaccess into that directory.

    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user

    REMOTE_USER should return a value for all your php files in that directory.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Posts
    36
    Rep Power
    14
    Thanks for the replies. freebsd wrote the following
    For a single directory, simply place this .htaccess into that directory.

    AuthName "Member Only"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user

    it would help if I knew how to. should this be somefile.htaccess or what?



    ------------------
    Thanks Dr.E.L.
  18. #10
  19. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>should this be somefile.htaccess or what?

    .htaccess has no file name, it's a hidden file.
    If you get .htaccess.txt, you need to rename it to ".htaccess".
  20. #11
  21. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Posts
    0
    Rep Power
    0
    Could you also use :

    <FilesMatch "*.php*|*.htm*">

    for ALL files matching extentions ?

  22. #12
  23. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    Yes. But you don't want to do this -> <FilesMatch "*.php*|*.htm*">

    Instead, it should be something like:

    <FilesMatch ".(php3?|html?)$">

    This matches *.php, *.php3, *.htm and *.html extension but doesn't match foobar.html.txt

Similar Threads

  1. Passing POST variables
    By rlorenzo in forum PHP Development
    Replies: 11
    Last Post: June 6th, 2004, 02:00 PM
  2. help with assigning variables, variable passing/ retrieval
    By pinkipodmini in forum PHP Development
    Replies: 0
    Last Post: February 13th, 2004, 09:40 PM
  3. Replies: 2
    Last Post: February 10th, 2004, 11:03 PM
  4. functions and variables
    By uniopp in forum PHP Development
    Replies: 7
    Last Post: September 25th, 2003, 09:43 AM
  5. Automatically creating class variables
    By dreamstring in forum PHP Development
    Replies: 1
    Last Post: August 15th, 2003, 09:12 AM

IMN logo majestic logo threadwatch logo seochat tools logo