HTACCESS help please

I would like to take the username/password in a HTML page, POST it to a PHP script, which validates it against HTACCESS to redirect to a HTACCESS protected directory.

Starting point: www.mysite.com/login.html -> Forms w/ POST method -> www.mysite.com/login.php -> validate against HTACCESS -> www.mysite.com/restricted/

Is this possible?

If so, can somebody throw me some code? Or a website with a good example? Everything I’ve managed to find on Google has led to failure.

Thanks in advance

As far as I know this is not possible. Htaccess is between the webserver and the browser. You cannot set username and password in the html code, so that the htaccess-dialog will automatically use it. (By the way, this would mean transferring username and password clear case, which you surely do not want to.)

I was able to get this working… sort of. But it’s not exactly what I want…

What I have is this.

  1. [font=courier]http://website/start.html[/font], which contains a form that will POST the user/pass to …
  2. [font=courier]http://website/login.php[/font], which will validate user/pass before displaying …
  3. [font=courier]http://website/directory/[/font], which is protected by .htaccess & .htpasswd

LOGIN.PHP:
[php]<?php

//sucks in user/pass from POST
$user = $_POST[‘user’];
$pass = $_POST[‘pass’];
$userpass = $user . “:” . $pass;

// HTTP authentication
$url = “http://website/directory/”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, $userpass);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// If credentials were good, HTTP code will be ‘200’, and we go on.
// If not, we go back
if($httpcode == 200){
header("Authorization: Basic " . base64_encode($userpass));
//header(“Location: http://website/directory/”);
echo $result;
}else{
header(“Location: http://website/start.html”);
}

?>[/php]

This will display the contents of [font=courier]http://website/directory/[/font]. However, the browser URL will read [font=courier]http://website/login.php[/font]. Though this is a handy trick for the future, what I really want it [font=courier]login.php[/font] to pass the HTTP-AUTH parameters along with a redirect, and move the page to [font=courier]http://website/directory/[/font], so that the URL bar actually reads that.

Here’s what I have working at the moment:

[php]<?php

//sucks in user/pass from POST
$user = $_POST[‘user’];
$pass = $_POST[‘pass’];
$userpass = $user . “:” . $pass;

// HTTP authentication
$url = “http://website/directory/”;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERPWD, $userpass);
$result = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// If credentials were good, HTTP code will be ‘200’, and we go on.
// If not, we go back
if($httpcode == 200){
header(“Location: http://” . $userpass . “@website/directory/”);
}else{
header(“Location: http://website/start.html”);
}

?>[/php]

This actually works. However, it is transmitting user/pass in the URL. I had hoped for something more graceful than this. If anyone has any suggestions, it would be appreciated. Thanks.

Sponsor our Newsletter | Privacy Policy | Terms of Service