http-auth without pop-up window...

Hi there

Can some1 tell me how I can use http authantification (using either htaccess file or mysql database) without getting the authantification window?...

for example using a usual form instead...I've searched in a whole bunch of pages but didn't find anything...

plz help

have this piece of code in a function or something somewhere :


then you need to have a single locked directory.. not the same dir as the php page you're in. set $path to go point there (without http://domainname, just "/lockeddir/index.htm")

Set $host to whichever machine has the locked dir (ie. you can use the authentication userbase from another machine), $port to 80 (if using standard http) and that should be that..

you will need to modify the code slightly for your use (ie. put into a function), i can't copy my entire function coz it's inside a bunch of other stuff..

good luck

call me stupid but I don't really know how to use it...

well, the

print_r($splt);

works fine. It says bla bla 200 OK if i remove the .htaccess, but when I add the .htaccess access it says 401 Authorization Required...

so...do I have to add anything, that it really authorizes or something?

I'm no newb, but actually never hat to deal with auths and so on ;)

you are using basic authentication right?

btw : you have also set $config["username"] and $config["pwd"]?

else, try posting the .htaccess, maybe i can spot something

.htaccess:

AuthType Basic
AuthName "Clients Login"
AuthUserFile /not/important/i/guess
require valid-user

config[username] and config[pwd] I've set to a default user (for testing)

And it displays the page when you go to the actual URL and type in the username+pwd?

The fputs($fp, "Authorization: Basic ".base64_encode("$config[username]:$config[pwd]")."rn"); bit is what handles the authorization, and I took the format from the HTTP RFC, so it's supposed to work fine.. hmm.. maybe you need extra content, but that's way weird, coz i've been using it quite a bit..

But then, we've been using it in conjunction with IIS (as the auth host), maybe there's something slightly different in Apache, but as far as i know, they're supposed to handle authentication in the same way..

maybe try posting your entire modified script? (even a simplified version that almost if there's stuff you don't want anybody else to see ;))

*slaps herself*

uhm...now thats what I call dumb

the .htpasswd was in the wrong dir, cause it's a subdomain and I mixed somethings up

it says 200 OK now ...one final problem now...

the login.php (where your code is) says OK...why doesnt it show up the locked site, which it has authed for, directly?...it just stays white ...do I have to insert some kind of redirect or something?

waaah I feel like a newb bothering u with such questions

my code simply uses the locked site for authentication and returns true or false. If it returns true, you need to write your php to show the site and the content and stuff..

ie. this code is really just like "check if user can login and see site" thing. you have to do the rest to show it..

don't worry, i'm a patient guy... besides, this stuff was quite an interesting ride for myself to figure out a while ago

oohh thx a lot

i thought i missed a part where u redirect or something to the locked site

didnt expect to page to be php

used a header(Location bla) now, and it works fine (cause actually the pages are plain html )

thx a lot

Anytime! I'm glad i could help ;)

btw: if you do a header("location:"), is it going to the locked site? if not, what stops people from just going straight there? if it is locked, i'm surprised that it actually works.

actually it works...i mean....ur code already authed the locked part...so why shouldnt it work?

Yeah, but it authed it from the locked part.... using itself as the authentication machine and doesn't send the "successfully authed" bit back to the browser.

If you go to the same place the header("location:") takes you, i bet you don't need to log in there..... if it is properly locked, then i'm one very confused person.

uhm...why did i post as anonymous?

ok actually it doesnt work...maybe the browser was still authed, when i entered the pass in the usual pop up window....just tried it at another pc and it didnt work

got any hints how i can solve this?....i'm kinda confused now

i'm guessing, but try this :

header("Authorization: Basic ".base64_encode("$config[username]:$config[pwd]"));

before the header("location");

I'm sucking this out my thumb.