Recently the following topic was started in the htaccessElite forum
What happens is that the member logs into a membership program (which starts
$_SESSION["pword"]. Once logged in they are directed to a screen that shows them the protected directories that they are allowed to visit. They then click that link and it takes them to the directory and the apache login prompt asks them AGAIN for the username and password which is stored in the .htpasswd as well as the database. What I want to do is bypass the 2nd (apache login) prompt and give them direct access using the $_SESSION variables. But meanwhile keeping the .htaccess file to stop others from gaining access or linking directly to that directory and if no $_SESSION variables are present, utilize the apache login prompt. Hope that makes sense.
- PHP: CURL, Client URL Library Functions
- PHP header
- PHP: HTTP Authentication
- Curl Tutorial
- Sending POST data with curl
< ?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://www.example.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt(CURLOPT_USERPWD, '[username]:[password]') $data = curl_exec(); curl_close($ch); ?>
< ?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://www.example.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt(CURLOPT_USERPWD, '[username]:[password]') $data = curl_exec(); curl_close($ch); ?>
You can use a handler setup in .htaccess. You could code:
AddHandler mywrapper .html Action mywrapper /secure.php
in your .htaccess file. Then everytime somebody access a file that ends in .html it will execute the php script secure.php. Now you just write a script that implments the security you need. The user has no clue that there is a php script that is doing security. If you have other file types you just add AddHandler mywrapper .xxx where xxx is all of the file types you want to secure. I recently had to do this because I needed to use a back end security product that there was no built in support for in Apache and the 20 lines of PHP code was 1,000 times simpler for me than attempting to write C/C++ code to do what I wanted.