I would like to take the username/password in a HTML page, POST it to a PHP script, which validates it against HTACCESS to redirect to a HTACCESS protected directory.
Starting point: www.mysite.com/login.html -> Forms w/ POST method -> www.mysite.com/login.php -> validate against HTACCESS -> www.mysite.com/restricted/
Is this possible?
If so, can somebody throw me some code? Or a website with a good example? Everything I’ve managed to find on Google has led to failure.
Thanks in advance
As far as I know this is not possible. Htaccess is between the webserver and the browser. You cannot set username and password in the html code, so that the htaccess-dialog will automatically use it. (By the way, this would mean transferring username and password clear case, which you surely do not want to.)
I was able to get this working… sort of. But it’s not exactly what I want…
What I have is this.
LOGIN.PHP:
[php]<?php
//sucks in user/pass from POST
$user = $_POST[‘user’];
$pass = $_POST[‘pass’];
$userpass = $user . “:” . $pass;
// HTTP authentication
$url = “http://website/directory/”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, $userpass);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// If credentials were good, HTTP code will be ‘200’, and we go on.
// If not, we go back
if($httpcode == 200){
header("Authorization: Basic " . base64_encode($userpass));
//header(“Location: http://website/directory/”);
echo $result;
}else{
header(“Location: http://website/start.html”);
}
?>[/php]
This will display the contents of [font=courier]http://website/directory/[/font]. However, the browser URL will read [font=courier]http://website/login.php[/font]. Though this is a handy trick for the future, what I really want it [font=courier]login.php[/font] to pass the HTTP-AUTH parameters along with a redirect, and move the page to [font=courier]http://website/directory/[/font], so that the URL bar actually reads that.
Here’s what I have working at the moment:
[php]<?php
//sucks in user/pass from POST
$user = $_POST[‘user’];
$pass = $_POST[‘pass’];
$userpass = $user . “:” . $pass;
// HTTP authentication
$url = “http://website/directory/”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, $userpass);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// If credentials were good, HTTP code will be ‘200’, and we go on.
// If not, we go back
if($httpcode == 200){
header(“Location: http://” . $userpass . “@website/directory/”);
}else{
header(“Location: http://website/start.html”);
}
?>[/php]
This actually works. However, it is transmitting user/pass in the URL. I had hoped for something more graceful than this. If anyone has any suggestions, it would be appreciated. Thanks.