Jump to content
xisto Community
Amezis

.htaccess-style Login System And Php

Recommended Posts

I am trying to make a login system that looks and works like .htaccess using sessions, with a PHP script that detects the username used.

Let's say I log on with the username "Amezis" and correct password. Then I want a PHP (or any other kind of script) to create a cookie or session which stores the user name, so it could be possible to store it in a variable as long as the user is logged in, and so it can be printed when needed.

Basically, this is what I want the script to do:

/* This file can only be executed after logging in with the htaccess-style login screen *//* Then, detect the used username, so it can be stored in a variable using a cookie or session, and that way, it can be printed on this page, or on another restricted user page as long as the user has logged in with the htaccess-screen and the session is valid *//* Content */

Share this post


Link to post
Share on other sites

When you say an .htaccess-style login, do you mean you want a popup login box, or you want usernames and passwords stored in a text file? The PHP code for reading a text file and reading a database is very different and requires different logic. A popup login box would just require some JS, or if it doesn't need to popup then a simple HTML form would suffice.

Share this post


Link to post
Share on other sites

I was thinking about a popup login box, preferably made with .htaccess. I want the PHP script to simply detect what the entered information is (username, password).

Share this post


Link to post
Share on other sites

No, I want something like the cPanel login screen, which can be made using a .htaccess file. I do not have problems using .htaccess, but I want PHP to detect the submitted info, which is in this case the username and password.A javascript login would be plain stupid and not secure at all, and it's not possible to make the .htaccess login box with javascript, and I don't see why I would use java for it.If someone still don't understand my problem, then I'll try to explain it again:I have a .htaccess file pointing to a password file outside the public directory with 4 usernames and passwords, which protects a specific directory. When the user submits the correct username and password, PHP will detect the username used for the login so it can be either stored in a cookie or saved as a session so it can be possible to echo the user name later.

Share this post


Link to post
Share on other sites

I understand your problem, but as said javascript is the best way to go . javascript will make the popup box and it will look identical to that of the .htaccess method then the values of username and password will be stored in GET or POST global variables so that the php page that comes next will take those values and compare them to the ones in the file, if correct you get in, if not you get redirected. the easiest way in my opinion would be to use a database or to include the correct usernames and passwords list in the php file. it will be safer i think and easier to work with

Share this post


Link to post
Share on other sites

I understand what the guy wants, and I know there is a way to do it. It does not involve JS. When you make a CGI request, there are two variables that are included in the array of environment variable. I do not know the names of those variables offhand, but some research will bring results. The variables contain the username and the passowrd, most probably Base64 encoded.

Edited by michaelper22 (see edit history)

Share this post


Link to post
Share on other sites

Well, I want to do this to secure folders and files that cannot be loaded by regular visitors. I'm pretty sure that there is no good way to secure images and .exe files using PHP, that's why I'm using .htaccess for it. Heck, I will have to make two login systems: One protecting the folder, and one identifying the user.I know it is possible, because I have seen several systems using it. And I don't really see why I should do a popup login screen with Javascript, there wouldn't be much sense making one. A popup login like .htaccess made with javascript wouldn't be more useful than a regular login form.I have to use .htaccess. There is no way, as far as I know, to make better login system which protects all types of files (PSD, JPG, GIF, EXE, ZIP, RAR, and so on) except .htaccess. But again, I want to make it possible to allow the .htaccess login to work for the PHP files, so the user don't have to log in twice.

Share this post


Link to post
Share on other sites

I will look into this for you. As I said, there is a way to do this. like cPanel did. Just give me some time - might have a sloution by the afternoon (my time - as I post it's 10:40 AM).

Share this post


Link to post
Share on other sites

I did some research, and came up with these to findings:

'PHP_AUTH_DIGEST'When running under Apache as module doing Digest HTTP authentication this variable is set to the 'Authorization' header sent by the client (which you should then use to make the appropriate validation).

'PHP_AUTH_USER'
When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the username provided by the user.

'PHP_AUTH_PW'
When running under Apache or IIS (ISAPI on PHP 5) as module doing HTTP authentication this variable is set to the password provided by the user.

'AUTH_TYPE'
When running under Apache as module doing HTTP authenticated this variable is set to the authentication type.

I got this from the PHP manual (http://us2.php.net/manual/en/reserved.variables.php).
Edited by michaelper22 (see edit history)

Share this post


Link to post
Share on other sites

Dear rvalkasswhich one is better login form pop menu ( .htaccess ) or database ?i know in datbase we can use password in many format like (md5) and .... but i want to know which login is be in safe ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.