HTTP-auth workaround

[Steven Stern]

I'm looking for a way to force basic http autentication from within a PHP
script.

Here's the situation:

I have an exisiting system that first authenticates people via the aMemberPro
package. In the "old days", aMemberPro then moved the user to a page inside a
directory protected with .htaccess basic authentication. It used the URL
format [url]http://name:password@server.directory.page.html[/url]. When the IE6 update
came out, this syntax no longer worked.

As a workaround, the "name:password@" was removed. Now, users have to login to
the aMemberPro page then login again to the protected content of the website.

I have access to the userid and password. Is there a way that I can set things
up right before the user is redirected to the server/directory/page.html
inside the protected directory so the web server's authentication will be
satisifed and the user will not be prompted again for userid/password?

I've tried plugging values for $_SERVER[remote_user], but I still get prompted
by the server for userid/password.

Thanks for any suggestions.

[Justin Koivisto]

Steven Stern wrote:

> Here's the situation:
>
> I have an exisiting system that first authenticates people via the aMemberPro
> package. In the "old days", aMemberPro then moved the user to a page inside a
> directory protected with .htaccess basic authentication. It used the URL
> format [url]http://name:password@server.directory.page.html[/url]. When the IE6 update
> came out, this syntax no longer worked.
>
> As a workaround, the "name:password@" was removed. Now, users have to login to
> the aMemberPro page then login again to the protected content of the website.
>
> I have access to the userid and password. Is there a way that I can set things
> up right before the user is redirected to the server/directory/page.html
> inside the protected directory so the web server's authentication will be
> satisifed and the user will not be prompted again for userid/password?
>
> I've tried plugging values for $_SERVER[remote_user], but I still get prompted
> by the server for userid/password.
>
> Thanks for any suggestions.

One possibility is not to actually direct over there. Use a wrapper
script to get the page content and display it based on the user/pass
already used.

For instance, write a script that does something like:

readfile('http://'.$username.':'.$password.'@www.example.com/dir/file.html');

So what you'd do is redirect to this page, get the user/pass, add it to
the above line, and end the script. If you want the user to click
through links in the pages there, your best bet is to have them just log
in a second time...

Hmm... a better solution is to use the Basic Auth as the login in the
first place, even if you want to use PHP to do it:

[url]http://us2.php.net/features.http-auth[/url]

--
Justin Koivisto - [email]spam@koivi.com[/email]
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

[Steven Stern]

On Tue, 27 Apr 2004 18:25:45 GMT (more or less), Justin Koivisto
<spam@koivi.com> wrote:

>Hmm... a better solution is to use the Basic Auth as the login in the
>first place, even if you want to use PHP to do it:
>
>[url]http://us2.php.net/features.http-auth[/url]

That's where I started. I may yet wind up re-writing things so I get the
id/psw, check it against aMember's database, then go on with the http-auth
login. My hope is that I can do this with the minumum modification to
existing code. It's a website I inherited and I don't have a complete
understanding (yet) of how the aMember system works.

[Terence]

Steven Stern wrote:

> I'm looking for a way to force basic http autentication from within a PHP
> script.
>

And here it is
[url]http://www.php.net/manual/en/features.http-auth.php[/url]