Uranium-235
12-27-2001, 12:33 PM
Have you ever wanted to give scripts individual access without having to create your own cookie authentication method? Well...you could just use a little http header trick to do just that! I found this out last night, and played with it a little, and I think it's worth ppl knowing. You know what .hacccess is? It's a file that some web server can read (mainly apache) and if apache encounters it, it will send certain headers to the persons broswer asking for a username and password (yeah you've seen them before, little window that pops up with the key in Internet explorer).
Well you can do this with PHP also! And the wonderful people at php have built it so it will send the username and password the user enters into global varibles your script can access!
I admit if you want to password an entire directory it's best to use .htaccess. This is cause files inside the directory will still be able to be accessed if you use script authentication, even with a index.php. And .htaccess will password the directory it's in and all directories under it. Like if it's in /foo/ the directory /foo/images/ will still be protected, with script authorization /images/ will not be protected. However some server might not support .htaccess, so this might be a good idea. With .htaccess, it stores it's passwords in a sperate file that can be specified in .htaccess. This is somewhat limited. With script access you can get passwords off databases to authenticate the user, or you can use your own file also. .Htaccess passwords are also encrypted in it's password file. You can do this in php with crypt() if you know how to (and I do). Click on the link below and enter in the username "username" and the password "password" SPAM...WITHOUT the quotes
http://dynamic2.gamespy.com/~extreme/scripts/test.php
Once they've entered in the correct username and password, you won't have to put it in again, cause the browser will automatically send your username and password into the script each time you access it. As well PHP will keep the value $PHP_AUTH_USER in it's set every time you access the script...until you close your browser window.
Well you can do this with PHP also! And the wonderful people at php have built it so it will send the username and password the user enters into global varibles your script can access!
I admit if you want to password an entire directory it's best to use .htaccess. This is cause files inside the directory will still be able to be accessed if you use script authentication, even with a index.php. And .htaccess will password the directory it's in and all directories under it. Like if it's in /foo/ the directory /foo/images/ will still be protected, with script authorization /images/ will not be protected. However some server might not support .htaccess, so this might be a good idea. With .htaccess, it stores it's passwords in a sperate file that can be specified in .htaccess. This is somewhat limited. With script access you can get passwords off databases to authenticate the user, or you can use your own file also. .Htaccess passwords are also encrypted in it's password file. You can do this in php with crypt() if you know how to (and I do). Click on the link below and enter in the username "username" and the password "password" SPAM...WITHOUT the quotes
http://dynamic2.gamespy.com/~extreme/scripts/test.php
Once they've entered in the correct username and password, you won't have to put it in again, cause the browser will automatically send your username and password into the script each time you access it. As well PHP will keep the value $PHP_AUTH_USER in it's set every time you access the script...until you close your browser window.