Jul 20, 2008

Http Authentication Without Using The Popup
Free Web Hosting, No Ads > CONTRIBUTE > Computers > Programming Languages > PHP Programming

free web hosting

Http Authentication Without Using The Popup

moldboy
Jan 15 2006, 04:28 PM
As it is mentioned earlier on in this form I am trying to use HTTP authentication to add simple users control to my site, one thing I like about it is that the username and password are stored throught the entire session that way I don't have to enter into the realm of cookeis and session id's.

So now I was wondering, a) can I use a standard html forum and place the password and username values into $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] so that they will be reembered throuout the session, and cool.gif is this secure if it would work?

Reply

kvkv
Jan 30 2006, 07:59 AM
If you are trying to use this in your trap17 account, most probably you are out of luck. Most of the times, the webserver will be configured to run php in cgi mode. This is less problematic and has fewer security issues than the apache module version.

But http authentication is available in php only when it is used in the apache module mode and cgi mode does not support this.

Reply

moldboy
Jan 30 2006, 02:13 PM
No, I can use PHP HTTP atuhentication, I was just wondering if I could forgo the popup, and replace it with a standard login gui

Reply

Spectre
Jan 30 2006, 04:15 PM
QUOTE
... Most of the times, the webserver will be configured to run php in cgi mode. This is less problematic and has fewer security issues than the apache module version. ...


Uh, not quite. Running PHP as a CGI is far more problematic than the module version, and opens up a whole new level of security issues. I haven't viewed it for quite a while, but I seem to remember the official PHP installation guide recommending you install PHP as an Apache module if possible for these exact reasons.

Anyway...

moldboy, although not conventional and very inpractical, it's possible to authenticate users with Basic HTTP Authentication via PHP. I would recommend you write your own simple login system, but as you said you would rather not, the easiest way I can think of 'bypassing' the popup is by redirecting the user to the equivalent of http://username:password@domain.com/directory/ if that makes sense. This particular authentication method (along with some others) allows for the username and password to be passed along via the URI, so assuming the username and password were correct, their browser would not display a popup.

Basic HTTP Authentication uses session information to 'remember' authenticated users, so it's not really possible to have your script set up authentication and then pass credentials to the user. You could, however, have the script verify the login information prior to redirecting the user, to make sure they will not encounter a popup (which their browser will display if the login information is incorrect).

 

 

 


Reply


Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.

Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

(Maximum characters: 10,000)
You have characters left.
Confirm Code:

Similar Topics

Keywords : http, authentication, popup

  1. Http_redirect() [resolved]
    (4)
  2. Mysql Authentication Problems
    (11)
    I installed the new version of both php and mysql on my computer and I am trying to work on a
    database. The problem is the following. Even though I have the latest version of both php and mysql,
    and I have created users in the new mysql version, I still get the problem that I get an error
    message about authentication problems. I have no clue what I am doing wrong. It did work for a short
    period of time, but somehow it is no longer working. Is there anyone who has a tutorial on how to
    install both php and mysql? I have the feeling that there are a lot of settings in my.in....
  3. Problem With $http_post_vars
    (3)
    I have a piece of code on one server that works and the same piece of code on another server does
    not. The difference is in the PHP verison & the Linux verison The one that works runs PHP4 on Redhat
    Linux. The one that doesn't runs PHP5 on SUSE Linux. Not sure if this is where the issue lies or
    not. I do know that in one case I see an adrress in searchable and in the other case it is null.
    PHP Code: CODE if ($HTTP_POST_VARS[addr]) {     $searchable =
    $HTTP_POST_VARS[addr];     echo "searchable = ".var_dump(....
  4. Http Authentication
    (2)
    I have a book called PHP and MySQL for dynamic web sites by Larry Ullman, and it's a very good
    book which I would recomend to anyone wanting to learn, but I followed a project in this book, not
    letter by letter, and it won' work. I wrote this code to create an authentication script that
    will only work with one user but allow the credientals to be passed from one page to another. So
    here's the code CODE <?PHP $aut = FALSE;   //Check for user variables if (
    (isset($_server['PHP_AUTH_USER']) AND isset(�....
  5. Need Help...again............
    Authentication -_- (5)
    Ok, vizskywalker was finally able to solve the problem with my registration, but when I tried to
    login with my testaccount, it just continuously give me the "wrong username/password" error, i
    registered a new account and tried again, but still fails... here's the authentication page...:
    CODE <?php $user = $_POST['username']; $pass =
    $_POST['password']; $user=strip_tags($user);
    $pass=strip_tags($pass); $user=str_replace("
    ","",$user); ....
  6. Ftp Script Problems - Authentication Failure
    (3)
    I uploaded the code as a text file because it's pretty big: http://beeseven.trap17.com/ftp.txt
    As I said it can't login. I get this error: Warning : ftp_login(): Authentication failed,
    sorry in /home/beeseven/public_html/ftp.php on line 45 I think it might have something to do
    with character encoding, but I'm not sure. If you think it is, what kind of encoding would work
    as if I typed it directly? I tried putting it in the file, but then I got the missing required
    fields error.....


      7. Looking for http, authentication, popup

Searching Video's for http, authentication, popup
advertisement



Http Authentication Without Using The Popup



 

 

 

 

ADD REPLY / Got an Opinion! Remove these ADs! RAPID SEARCH! Free Web Hosting [X]
Express your Opinions, Thoughts or Contribute more info. to help others.
Ask your Doubts & Queries to get answers, So that "Together We can help others!" 		Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP.
500MB Space *No Ads*, CPanel, FTP, PHP, MySQL, EMails - 100% FREE