htaccess

[weblogic]

I've worked with htaccess access before, I've worked with custom built client login before. But never have I dealt with both at the same time.

The problem I face is that this website has a client login which allows clients to peruse webpages otherwise restricted, however there is also an area that the clients may go into that is protected by htaccess (which makes them login again).

When a client is logged in, is it possible to pass htaccess the username password programmatically, not bothering the user to once again login?

You may ask, why not just take off the htaccess and use the custom login. The main purpose of the htaccess is to restrict direct access to images/pdf's. (No this is not an adult site )

You may ask, why not have htaccess protect all of the files that need protecting. That's not how the client wants it.


Any points into a tutorial or just flat out telling me would be appreciated!

[jnichel]

What is the custom built login written in?

I know with PHP you can check to see if the user has authenticated via htaccess, but I don't know if you can do it the other way around. This has been discussed numerous times on the php-general mailing list, and even if your custom login isn't in php, it might give you some direction...

http://marc.theaimsgroup.com/?l=php-...s=htaccess&q=b

----
If a server crashes in the woods, and no one is around to hear it, is it still Windows?

[weblogic]

Thanks for the link jnichel.

Still haven't found my answer yet. It seems as if the same question has been raised a number of times, but a definite answer has not been reached.

I see a lot of examples of work arounds to this problem. The most common is putting the username / password in the url of the site, like so, http://USERNAME:PASSWORD@www.dhtmlcentral.com/. I can't even believe that people suggested this.



Oh well more digging won't hurt.

[Brian Nickel]

I haven't looked it over thuroughly, but this page has info on http authenication:
http://www.php.net/features.http-auth

<font color="brown"><font face="Courier New">.Brian</font id="Courier New">
<font size="2">Email: kerrick[at]gmx[dot]net - AIM: Brian K Nickel - Yahoo: brian_nickel - Jabber: Kerrick[at]jabber[dot]org - MSN: kerrick[at]gmx[dot]net - ICQ: 118451560</font id="size2">
Quidquid latine dictum sit, altum viditur.</font id="brown">

[weblogic]

I'm toying with the idea of rewriting the old system. Putting the restricted files into the db and rewriting the existing code obviously. Not really the solution I want but it may work until I do come up with a solution I'm happy with.

Unless somebody has an idea how to restrict direct access to an image, lets say http://www.dhtmlcentral.com/images/logo.gif

[weblogic]

What a fool I be.

<inside of the .htaccess file>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.com/
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/
RewriteRule /* http://www.yourdomain.com/ [R,L]
</>

I was so wrapped up in using only one solution to the problem I didn't think about alternatives.


I'm still going to pursue the programmatic login to htaccess. I can see the need and there is definitely a want.