Sessions and .htaccess 
 Sessions and .htaccess

Hi all:

My site currently uses htaccess. I would like to create a database or user
info and use part of this for their login details.
I have experimented a little with sessions with a little success. I am
worried that the files and documents available for download (all .zip or
.exe) would be available via the full path, e.g. http://host/pathto.exe. This
fails with htaccess in place.

I probably have not investigated this enough but what I need to know is
this:

The user will only get the list of downloads if the session is 'true' but a
link to the file may require a second login for htaccess if it is in place. Is
there a method via PHP that will satisfy htaccess when starting a session?

I have been unable to test this and as a result this may be a non issue but
if anybody has any pointers then please let me know.

TIA

MP (newb)



Mon, 27 Jun 2005 04:36:13 GMT  
 Sessions and .htaccess

Quote:
> Hi all:

> My site currently uses htaccess. I would like to create a database or user
> info and use part of this for their login details.
> I have experimented a little with sessions with a little success. I am
> worried that the files and documents available for download (all .zip or
> .exe) would be available via the full path, e.g. http://host/pathto.exe. This
> fails with htaccess in place.

> I probably have not investigated this enough but what I need to know is
> this:

> The user will only get the list of downloads if the session is 'true' but a
> link to the file may require a second login for htaccess if it is in place. Is
> there a method via PHP that will satisfy htaccess when starting a session?

> I have been unable to test this and as a result this may be a non issue but
> if anybody has any pointers then please let me know.

> TIA

> MP (newb)

The .htaccess username is available in $GLOBALS['PHP_AUTH_USER'] (or
something similar).  You could use htaccess for validation of user and
password, and then use the provided username as key data in the rest of your
databases.


Mon, 27 Jun 2005 04:58:20 GMT  
 Sessions and .htaccess
Thanks. That's a good start. But I have written a couple of functions that
allow remote user admin. This is a site that provides employees of a company
certain resources. As I no longer work for the said company, a third party
adds users. I have created a form that enables him to add a new employee.
This is processed and the user name becomes
"$the_first_char_of_the_first_name .$lastname". A random password is created
then all is emailed to the new guy.

Could the user && password be added to the htpassword file as it is added to
the DB??

I am trying to avoid manual htaccess but feel htaccess is still
required.....

Thanks

MP


Quote:


> > Hi all:

> > My site currently uses htaccess. I would like to create a database or user
> > info and use part of this for their login details.
> > I have experimented a little with sessions with a little success. I am
> > worried that the files and documents available for download (all .zip or
> > .exe) would be available via the full path, e.g. http://host/pathto.exe. This
> > fails with htaccess in place.

> > I probably have not investigated this enough but what I need to know is
> > this:

> > The user will only get the list of downloads if the session is 'true' but a
> > link to the file may require a second login for htaccess if it is in place. Is
> > there a method via PHP that will satisfy htaccess when starting a session?

> > I have been unable to test this and as a result this may be a non issue but
> > if anybody has any pointers then please let me know.

> > TIA

> > MP (newb)

> The .htaccess username is available in $GLOBALS['PHP_AUTH_USER'] (or
> something similar).  You could use htaccess for validation of user and
> password, and then use the provided username as key data in the rest of your
> databases.



Mon, 27 Jun 2005 05:31:59 GMT  
 Sessions and .htaccess

Quote:
> Thanks. That's a good start. But I have written a couple of functions that
> allow remote user admin. This is a site that provides employees of a company
> certain resources. As I no longer work for the said company, a third party
> adds users. I have created a form that enables him to add a new employee.
> This is processed and the user name becomes
> "$the_first_char_of_the_first_name .$lastname". A random password is created
> then all is emailed to the new guy.

> Could the user && password be added to the htpassword file as it is added to
> the DB??

> I am trying to avoid manual htaccess but feel htaccess is still
> required.....

> Thanks

> MP

Sure!

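// escapeshellarg() keeps a crafted user name or password from being read as shell syntax
system('/usr/bin/htpasswd -b .htpasswd ' . escapeshellarg($USER) . ' ' . escapeshellarg($PW));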

in addition to the normal stuff you mentioned.  There is, incidentally, a
way to handle user auth completely with PHP.  Observe:
http://www.php.net/manual/en/features.http-auth.php



Mon, 27 Jun 2005 07:00:12 GMT  
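
The htpasswd update suggested above can also be done without a shell call. This is an added example, not code from the thread: `htpasswd_set_user()` and the temporary file are hypothetical, the sample user is constructed, and the bcrypt hash assumes Apache 2.4 or later.

```php
<?php
// Added example, not code from the thread. htpasswd_set_user() and the
// temporary file used below are hypothetical names.

/** Add or replace one user in an Apache htpasswd file without a shell. */
function htpasswd_set_user(string $file, string $user, string $password): void
{
    // Entries are "user:hash" lines, so a colon or newline in the name would
    // corrupt the file or smuggle in an extra account. Allow a narrow charset.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $user)) {
        throw new InvalidArgumentException('invalid user name');
    }
    // bcrypt ("$2y$") hash; assumes Apache 2.4 or later, which accepts it.
    $hash = password_hash($password, PASSWORD_BCRYPT);

    $fh = fopen($file, 'c+');   // create if missing, never truncate on open
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        if (!flock($fh, LOCK_EX)) {   // serialise concurrent add_user requests
            throw new RuntimeException('cannot lock file');
        }
        $keep = [];
        while (($line = fgets($fh)) !== false) {
            $line = rtrim($line, "\r\n");
            // Drop blank lines and any existing entry for this user.
            if ($line !== '' && strpos($line, $user . ':') !== 0) {
                $keep[] = $line;
            }
        }
        $keep[] = $user . ':' . $hash;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, implode("\n", $keep) . "\n");
        fflush($fh);
    } finally {
        fclose($fh);   // closing the handle also releases the lock
    }
}

// Constructed sample data: the same user is added twice, then the file is shown.
$file = tempnam(sys_get_temp_dir(), 'htpw');
htpasswd_set_user($file, 'jsmith', 'first random password');
htpasswd_set_user($file, 'jsmith', 'second random password');
echo file_get_contents($file);
unlink($file);
```
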
 Sessions and .htaccess
You have pointed me in the right direction and I am almost there I think!!

I was unable to get the system() method to work so my 'add_user' code now
adds the user name and CRYPTed password to a .htpasswd file at the same time
as adding to the DB.

All I need to do now is allow users to login via a form that sits within the
page (and not a pop-up htaccess dialogue) and when an .htaccess file is
encountered in a folder the ht pop-up does not happen as when logged in
through said pop-up.

I have tried this code during login:

        $_SERVER['PHP_AUTH_USER'] = $loginName;
        $pwd = crypt($entered_password, substr($entered_password, 0, 2));
        $_SERVER['PHP_AUTH_PW'] = $pwd;

The login code passes the MySQL tests then runs the above. BUT when I move
to a htaccess protected area I still get the pop-up although I can enter
using the same ID and PW.
The crypt part is identical to that used when the user is added.

Am I missing something simple???

TIA

MP


Quote:


> > Thanks. That's a good start. But I have written a couple of functions that
> > allow remote user admin. This is a site that provides employees of a company
> > certain resources. As I no longer work for the said company, a third party
> > adds users. I have created a form that enables him to add a new employee.
> > This is processed and the user name becomes
> > "$the_first_char_of_the_first_name .$lastname". A random password is created
> > then all is emailed to the new guy.

> > Could the user && password be added to the htpassword file as it is added to
> > the DB??

> > I am trying to avoid manual htaccess but feel htaccess is still
> > required.....

> > Thanks

> > MP

> Sure!

> // escapeshellarg() keeps a crafted user name or password from being read as shell syntax
> system('/usr/bin/htpasswd -b .htpasswd ' . escapeshellarg($USER) . ' ' . escapeshellarg($PW));

> in addition to the normal stuff you mentioned.  There is, incidentally, a
> way to handle user auth completely with PHP.  Observe:
> http://www.php.net/manual/en/features.http-auth.php



Mon, 04 Jul 2005 04:21:54 GMT  
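
Assigning to `$_SERVER['PHP_AUTH_USER']` only changes an array inside the running script; Apache checks the `Authorization` header the browser sends with each request, so a form login cannot satisfy .htaccess. An added example, not part of the thread, of the other way to get a single form login: keep the files where they cannot be requested directly and hand them out through a script that checks the session. The directory, the `$_SESSION['user']` key and `resolve_download()` are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the login form sets
// $_SESSION['user'] after the MySQL check, and the .zip/.exe files live in
// DOWNLOAD_DIR, a directory the web server does not serve directly.
const DOWNLOAD_DIR = '/var/www/private/downloads';   // hypothetical path

/** Map a requested name to a real file inside $baseDir, or return null. */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Accept only a bare file name with one of the two served extensions,
    // so slashes and directory components never reach the filesystem.
    if (!preg_match('/\A[A-Za-z0-9._-]+\.(zip|exe)\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    // realpath() resolves symlinks; the result must still sit under $base.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['user'])) {
    // No form login in this session: refuse before touching the file system.
    http_response_code(403);
    exit('Please log in first.');
}

$path = resolve_download(DOWNLOAD_DIR, (string) ($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(404);
    exit('No such download.');
}

// The name passed the character whitelist above, so it is safe in a header.
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The download list then links to this script with a `file` parameter instead of to the file's own URL.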
 