.htaccess login with php?
Hi, I have been trying to get an .htaccess login from a web form to work with no luck.
I've tried this in php ...
<?php
header(\"Location: http://\" . $username . \":\" . $password . \"@www.thisdomain.com\");
?>which works fine in Netscape 4 & 6, but IE doesn't like it, and ignores it completely. Even so i'd prefer not to display visitors username and password in the url.
so my question is, can .htaccess username/password information be sent any other way than through that damned pop up box or in the url? i was certain it could be sent in a http header but after searching for the last 2 hours im starting to doubt it.
as a last resort i guess i could forward the user with javascript to 'http://username:[email protected]' which is not only insecure it is an extremely ugly way to log someone in.
ROB posted this at 04:08 — 11th November 2001.
They have: 447 posts
Joined: Oct 1999
thanks to whoever made this sticky
still searching for an answer on this...
Mark Hensler posted this at 05:49 — 11th November 2001.
He has: 4,048 posts
Joined: Aug 2000
I've never done any research on that. It would make sense to have a header for that.
I took over one site which the previous programmer printed a form with hidden fields for user/pass. Then JavaScript submitted the form. This gained access into a certain specified area, BUT.. it didn't use .htaccess for permissions.
I've used the user:[email protected] in my IE before. I find it strange that it doesn't like it when executed by a PHP header() call.
Mark Hensler
If there is no answer on Google, then there is no question.
ROB posted this at 06:54 — 11th November 2001.
They have: 447 posts
Joined: Oct 1999
yes i found that strange also. if it did work it would at least provide me with some sort of workaround. IE wont accept it if it's coming in a Location header though which really sucks. I cant count the times ive cursed IE for making their own standards (which defeats the whole purpose of a standard no matter how nice the "features" || "bugs" are.
ROB posted this at 07:03 — 11th November 2001.
They have: 447 posts
Joined: Oct 1999
btw this is for a redesigned interface for a network of cobalt raqs, so my options are:
A: Figure out how to get this to work
B: Use the ugly popup login
C: re-write all upteen thousand lines of raq web interface code
C isn't an option, if cobalt wants to pay me to rewrite their shite interface i'd be happy to but its not in my current employers budget.
B is the easiest way but we're trying to avoid popups of any kind, and would much rather let users log in through a web form on the main page.
A is what i'm shooting for but considering how long ive searched for an answer and havnt even found a mention of my problem im guessing it's not possible.
Mark Hensler posted this at 19:32 — 11th November 2001.
He has: 4,048 posts
Joined: Aug 2000
How about using JS...
<script>
self.location='http://user:[email protected]';
</script>
That will cause the clients browser to make the request instead of the PHP script.
Mark Hensler
If there is no answer on Google, then there is no question.
ROB posted this at 03:03 — 13th November 2001.
They have: 447 posts
Joined: Oct 1999
ya, i may have to, then after the login immediately forward them to another page so their login info isn't visible. im thinking ill just use the popup though, which while ugly is more secure and reliable.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.