htaccess help question [Archive] - CirtexHosting Community

View Full Version : htaccess help question

dvdriot

03-22-2007, 02:42 AM

Hello,

Not sure if this is possible or if anyone would have any idea, but this is what I am trying to do.

I have a folder/directory password protected using cpanels web protect. To access the folder or site a user would obviously input username/pass.

Once verified they will be at my website which uses a mysql database for users to login with a user/pass.

Which means logging 2 times. Once for web protect and once for mysql or whatever.

Now what I was wondering is if there is some way to allow the user or pass the username/pass on to the website mysql at the same time eliminating the second step/login?

I was thinking there was a way to edit the .htaccess somewhere somehow to pass the info on to the website's database, but I really have no idea.

Hope I didn't make this too confusing.

Anyway if anyone had any ideas, or knows how to do this it would be greatly appreciated.

Thanks.
Jeremy

grant

03-22-2007, 06:36 AM

What do you have in the protected files. I modified a script to use geeklog user authentication to check if a user has permission to download a file then it grabs the file from outside the web root (above public_html in file system) So the only way to access files is through the script. The .htaccess way would probably require populating the password file with a php script. I'm not quite sure how to do that, but I'm sure it could be done.
Here's a link to my first idea. http://www.geeklog.net/forum/viewtopic.php?showtopic=74624

It only takes 3 extra lines of code to use geeklog's user authentication to the script. I'm sure it would be similar for almost anything.

SecondV

03-25-2007, 04:38 AM

Look into:

$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

Untested, but here's an example:

<?php

if (!isset($_SERVER['PHP_AUTH_USER']))
{
header("WWW-authenticate: basic realm=\"Restricted\"");
header("HTTP/1.0 401 Unauthorized");
?>
<blockquote>
In order to enter this section of the web site, you must be a registered user. If you are a registered user and you are having trouble logging in, please contact us.
</blockquote>
<?php

exit;
}
else
{
// MySQL Connection Info Here

$user = mysql_real_escape_string(trim(stripslashes(strip_t ags($_SERVER['PHP_AUTH_USER']))));
$password = mysql_real_escape_string(trim(stripslashes(strip_t ags($_SERVER['PHP_AUTH_PW']))));

if (mysql_num_rows(mysql_query("
SELECT *
FROM users
WHERE username='$user'
AND password='$password'
LIMIT 1
")) == 0)
{
header("WWW-authenticate: basic realm=\"Restricted\"");
header("HTTP/1.0 401 Unauthorized");
?>
<blockquote>
In order to enter this section of the web site, you must be a registered user. If you are a registered user and you are having trouble logging in, please contact us.
</blockquote>
<?php

exit;
}

// They are logged in, do whatever.
}

?>

HTH