Hello - quick question.
I got a directory password protected, lets says with the following user/pass:
user:test
Is it possible that i can tell the browser (by sessions?), that the user already HAS logged in - so that it can authorize him, without prompting him to write user/pass?
.htpasswd
6 posts
• Page 1 of 1
.htpasswd
by JonNielsen » 29. November 2008 03:36
- JonNielsen
- Posts: 19
- Joined: 13. November 2008 06:09
by glitzi85 » 29. November 2008 17:17
I do not full understand what you want to do?
When you request a protected URL the Browser will ask you for the credentials. Then he will pass this data to the Webserver in every following Request, as the Webserver requests this password for every ressource. A Webserver do not know the word Session.
glitzi
When you request a protected URL the Browser will ask you for the credentials. Then he will pass this data to the Webserver in every following Request, as the Webserver requests this password for every ressource. A Webserver do not know the word Session.
glitzi
-
glitzi85 - Posts: 1920
- Joined: 05. March 2004 23:26
- Location: Dahoim
by JonNielsen » 30. November 2008 00:39
glitzi85 wrote:I do not full understand what you want to do?
When you request a protected URL the Browser will ask you for the credentials. Then he will pass this data to the Webserver in every following Request, as the Webserver requests this password for every ressource. A Webserver do not know the word Session.
glitzi
Hi again, glitzi85.
Yes i know the webserver doesn't understand the word session.
When a user logs into a /forbidden-folder, and types the right user/pass, and gets access - afterwards the server (or browser?) remembers it (like a session), so he doesn't have to re-type it, once he comes back.
So the user/pass must be stored somewhere?
What i want, in my login.php, is to add something like:
"The user has logged in correct - to the website (normal login, like to a phpboard like this). When you prompt the user, entering a forbidden-zone, use his user/pass - which he has already logged in with"
All your help is appreciated - gotta learn somehow
So don't mind my dumb questions.- JonNielsen
- Posts: 19
- Joined: 13. November 2008 06:09
by JonNielsen » 30. November 2008 00:49
Okay i'll try reply again, if my first reply was a bit weird.
In my "community", people logs in by login.php. It creates sessions for the user's username and password.
Later, the user needs to access some files, that is in HIS private folder - which is password protected by ".htpasswd".
But the server doesn't understand that the user already is logged in.. so it prompts him the user/pass for the folder. (but it's the same user/pass as he logged in with, to the community).
In my "community", people logs in by login.php. It creates sessions for the user's username and password.
Later, the user needs to access some files, that is in HIS private folder - which is password protected by ".htpasswd".
But the server doesn't understand that the user already is logged in.. so it prompts him the user/pass for the folder. (but it's the same user/pass as he logged in with, to the community).
- JonNielsen
- Posts: 19
- Joined: 13. November 2008 06:09
.by glitzi85 » 01. December 2008 13:56
OK, now i understand.
I guess you just link to the protected file. In this case the Browser requests the file from the Webserver, which want's the login data. You can not prevent this.
I would do it in this way:
Create a php file outside the forbidden folder. There check whether the user session is correct or not. If it is correct, then server the data via this php file. That can end up in a lot of programming, as you must clean up the request for handling in the file system and also must detect the MIME-Type of the file (if you want to serve multiple File types). With XAMPP i think this is not possible, as the mime_content_type function is not working correct (at least i could not get it up running) and the finfo-extension is not available in the current PHP-Version of XAMPP.
glitzi
I guess you just link to the protected file. In this case the Browser requests the file from the Webserver, which want's the login data. You can not prevent this.
I would do it in this way:
Create a php file outside the forbidden folder. There check whether the user session is correct or not. If it is correct, then server the data via this php file. That can end up in a lot of programming, as you must clean up the request for handling in the file system and also must detect the MIME-Type of the file (if you want to serve multiple File types). With XAMPP i think this is not possible, as the mime_content_type function is not working correct (at least i could not get it up running) and the finfo-extension is not available in the current PHP-Version of XAMPP.
glitzi
-
glitzi85 - Posts: 1920
- Joined: 05. March 2004 23:26
- Location: Dahoim
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 85 guests