NYCPHP Meetup

NYPHP.org

[nycphp-talk] Apache/PHP Authentication

Kayra Otaner kayraotaner at yahoo.com
Fri Jan 17 18:38:36 EST 2003


Hi,
You may use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to simulate HTTP authentication
similar to Apache's own internal one. You need to ask for these variables using:

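// Challenge the browser until it sends Basic credentials.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
	header("WWW-Authenticate: Basic realm=\"Security Checking!!!\"");
	header("HTTP/1.0 401 Unauthorized");
	// Body shown if the user cancels the login prompt.
	echo "Authentication Problem...\n";
	exit;
}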

or similar code. After this step $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] will be
defined by Apache and stored in the session (I'm not talking about PHP sessions) for future
reference. You need to put the above code in 'index.php' (and maybe in the others also) and need
to check those two variables on all other secured pages (from the database, of course) to ensure
security.

I hope this helps

Best

Kayra Otaner

PS: I'm looking for job/projects. Is anyone looking for a PHP Developer/System Administrator?


--- Jim Hendricks <jim at bizcomputinginc.com> wrote:
> I use PHP to authenticate against MySQL and then store login info in the
> session.  Then it's a simple affair to check at the top of each page if the
> login info is good, if not divert to login.  I have the code that checks the
> login state as a separate file that I include in all my pages that need to
> be secured.
> 
> Jim
> ______________________________________________________________
> Jim Hendricks, President, Biz Computing, Inc
> Phone:  (201) 599-9380     Email: jim at bizcomputinginc.com
> Web: www.bizcomputinginc.com
> Snail:  Jim Hendricks,  Biz Computing, Inc.,  255 McKinley Ave, New Milford,
> NJ 07646
> ______________________________________________________________
> 
> ----- Original Message -----
> From: "Griffith Feeney" <feeney at un.org>
> To: "NYPHP Talk" <talk at nyphp.org>
> Sent: Friday, January 17, 2003 10:30 AM
> Subject: [nycphp-talk] Apache/PHP Authentication
> 
> 
> > I would like to use Apache authentication to password protect certain
> > directories that contain mostly binary files. With 1600+ users, I don't
> > want to authenticate against a text file, especially as there is already a
> > mysql database available for the purpose. The webhosting provider doesn't
> > provide mod_auth.
> >
> > I'm thinking of using a PHP page to authenticate against the mysql database
> > and, once a user is authenticated, have the PHP page send the server an
> > htaccess user name and password. The latter would be changed from time to
> > time, but would be the same for all users. High security is not required
> > here.
> >
> > I've spent many hours reading around on the web on the subject, but don't
> > find anything along these lines, and being a rank beginner in PHP, I don't
> > want to spend time trying to implement this idea if it is unworkable.
> >
> > Does anybody know of an implementation, or have an idea of whether or not
> > this could be made to work? Thanks!
> >
> 
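
The check discussed in this thread (challenge for Basic credentials, then verify them against the user database at the top of every protected page), as an added example that is not code from any poster. The `users` table, its columns, the realm and the sample account are assumptions, and in-memory SQLite stands in for the MySQL database.

```php
<?php
// Added example: table, column, realm and account names are hypothetical.
// In-memory SQLite stands in for the MySQL user database so this runs offline.

// Hash used when the username is unknown, so both paths cost one password_verify().
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Return the username when the Basic credentials match a stored hash, else null.
function verify_basic_credentials(PDO $db, array $server): ?string
{
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return null; // no credentials sent yet
    }
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$server['PHP_AUTH_USER']]);
    $hash = $stmt->fetchColumn();
    $known = is_string($hash);
    $ok = password_verify($server['PHP_AUTH_PW'], $known ? $hash : DUMMY_HASH);
    return ($known && $ok) ? $server['PHP_AUTH_USER'] : null;
}

// Call at the top of every protected page: require_basic_auth($db, $_SERVER);
function require_basic_auth(PDO $db, array $server): string
{
    $user = verify_basic_credentials($db, $server);
    if ($user === null) {
        header('WWW-Authenticate: Basic realm="Members"');
        header('HTTP/1.0 401 Unauthorized');
        echo "Authentication required.\n";
        exit;
    }
    return $user;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed requests, shaped like the $_SERVER entries PHP fills in.
$good = ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'correct horse'];
$bad  = ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'wrong'];
var_dump(verify_basic_credentials($db, $good)); // matching password
var_dump(verify_basic_credentials($db, $bad));  // wrong password
var_dump(verify_basic_credentials($db, []));    // no Authorization header
```

Basic credentials are resent by the browser with every request and are only base64-encoded, so pages protected this way should be served over HTTPS.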

