.htpasswd

Posted: 29. November 2008 03:36
by JonNielsen
Hello - quick question.

I got a directory password protected, let's say with the following user/pass:

user:test

Is it possible that I can tell the browser (by sessions?) that the user already HAS logged in - so that it can authorize him, without prompting him to write user/pass?

Posted: 29. November 2008 17:17
by glitzi85
I do not fully understand what you want to do?

When you request a protected URL, the browser will ask you for the credentials. Then it will pass this data to the webserver in every following request, as the webserver requests this password for every resource. A webserver does not know the word session.

glitzi

Posted: 30. November 2008 00:39
by JonNielsen
glitzi85 wrote: I do not fully understand what you want to do?

When you request a protected URL, the browser will ask you for the credentials. Then it will pass this data to the webserver in every following request, as the webserver requests this password for every resource. A webserver does not know the word session.

glitzi


Hi again, glitzi85.

Yes, I know the webserver doesn't understand the word session.

When a user logs into a /forbidden-folder, types the right user/pass, and gets access - afterwards the server (or browser?) remembers it (like a session), so he doesn't have to re-type it once he comes back.

So the user/pass must be stored somewhere?

What I want, in my login.php, is to add something like:

"The user has logged in correctly - to the website (normal login, like to a phpboard like this). When you prompt the user, entering a forbidden-zone, use his user/pass - which he has already logged in with"


All your help is appreciated - gotta learn somehow ;) So don't mind my dumb questions.

Posted: 30. November 2008 00:49
by JonNielsen
Okay, I'll try to reply again, if my first reply was a bit weird.

In my "community", people log in by login.php. It creates sessions for the user's username and password.

Later, the user needs to access some files that are in HIS private folder - which is password protected by ".htpasswd".

But the server doesn't understand that the user already is logged in.. so it prompts him the user/pass for the folder. (but it's the same user/pass as he logged in with, to the community).

Posted: 01. December 2008 13:44
by JonNielsen
bump :).

Posted: 01. December 2008 13:56
by glitzi85
OK, now I understand.

I guess you just link to the protected file. In this case the browser requests the file from the webserver, which wants the login data. You cannot prevent this.

I would do it in this way:

Create a PHP file outside the forbidden folder. There, check whether the user session is correct or not. If it is correct, then serve the data via this PHP file. That can end up in a lot of programming, as you must clean up the request for handling in the file system and also must detect the MIME type of the file (if you want to serve multiple file types). With XAMPP I think this is not possible, as the mime_content_type function is not working correctly (at least I could not get it up and running) and the finfo extension is not available in the current PHP version of XAMPP.

glitzi
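
The gatekeeper script described in the last post, as an added example that is not part of the original thread. It assumes PHP 7.1+, that login.php stores the name in `$_SESSION['username']`, and a hypothetical `PRIVATE_ROOT` path and `?file=` parameter; the extension allowlist stands in for `mime_content_type()` and finfo.

```php
<?php
// download.php: added example, placed outside the protected folder.
// Assumptions (not from the thread): login.php stores $_SESSION['username'],
// files live in PRIVATE_ROOT/<username>/ and are requested as ?file=name.
session_start();

const PRIVATE_ROOT = '/var/www/private'; // hypothetical path; keep it blocked from direct web access
// Extension allowlist doubles as the MIME lookup, so no MIME detection function is needed.
const MIME_TYPES = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'txt' => 'text/plain; charset=utf-8',
    'zip' => 'application/zip',
];

function resolve_user_file(string $root, string $user, string $requested): ?string
{
    // The username becomes a directory name: accept only a conservative character set.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $user) || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($root . '/' . $user);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "../" and symlinks; the result must still sit inside the user's folder.
    $path = realpath($base . '/' . $requested);
    $inside = $path !== false && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
    return ($inside && is_file($path)) ? $path : null;
}

if (empty($_SESSION['username']) || !is_string($_SESSION['username'])) {
    http_response_code(403);
    exit('Not logged in');
}
$file = isset($_GET['file']) && is_string($_GET['file']) ? $_GET['file'] : '';
$path = resolve_user_file(PRIVATE_ROOT, $_SESSION['username'], $file);
$ext  = $path === null ? '' : strtolower(pathinfo($path, PATHINFO_EXTENSION));
if ($path === null || !isset(MIME_TYPES[$ext])) {
    http_response_code(404);
    exit('File not found');
}
header('Content-Type: ' . MIME_TYPES[$ext]);
header('X-Content-Type-Options: nosniff'); // browser must not second-guess the declared type
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . str_replace('"', '', basename($path)) . '"');
readfile($path);
```

Only the username is read from the session here; the script never needs the user's password.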