NYCPHP Meetup

NYPHP.org

[nycphp-talk] Apache/PHP Authentication - Again

paul at weinberg.com paul at weinberg.com
Fri Jan 31 10:00:19 EST 2003


OK, here is a silly idea:

After you authenticate in your code, you make an HTTP
request to yourself to get the file.  That should go
through Apache again.  You have to supply the
authentication headers.  You then just stream the byes
back to the client.

NOTE:  There ia deadlock potential if the number of
Apache children is set too low.

Paul

BTW, there is always mod_perl :)

On Fri, 31 Jan 2003 06:57:03 -0800 (PST), "Griffith
Feeney" wrote:

> 
> Thanks to those who replied to my earlier post
(below).
> It's taken me a
> while to get on with this.
> 
> The files I need to protect are mostly binary, so I
> can't use a solution
> that involves inserting authentication code at the top
> of PHP pages.
> 
> The approach suggested in
> <a
href="http://mail.weinberg.com/jump/http://www.zend.com/zend/trick/tricks-august-2001.php">http://www.zend.com/zend/trick/tricks-august-2001.php</a>
> (put the files
> outside the document root and use PHP to read them,
> supply headers, and
> forward) will work, but it would be much simpler to be
> able to password
> protect all files in any specified set of directories
> using Apache
> htaccess. The problem with this is updating the user
> list, which is large
> and in MySQL. The web hosting service doesn't support
> mod_auth_mysql.
> 
> What I would like to do is
> 
> 1 set up .htaccess protected directories with a single
> user name and
> password,
> 
> 2 use a PHP page to authenticate users (user by user)
> against a MySQL
> database, and
> 
> 3 have the PHP page send requests from authenticated
> users to the server
> with the basic authentication header, so that the
> Apache authentication
> window does *not* pop-up, the server having already
> received basic
> authentication credentials.
> 
> This last step is not possible directly, but I thought
> that it might be
> accomplished indirectly using a redirect header, like
> this.
> 
> <?php header('Location:
> <a
href="http://mail.weinberg.com/jump/http://www.domainname.com/members/membershome.php">http://www.domainname.com/members/membershome.php</a>');
>       header('Authorization:
base64_encode("abc:123")');
> ?>
> 
> This doesn't work. Is there any way to make this idea
> work?
> 
> 
> 
> --- Unsubscribe at <a
href="http://mail.weinberg.com/jump/http://nyphp.org/list">http://nyphp.org/list</a>/ ---



More information about the talk mailing list