Hi,

Is there any way to use php to enter the passwords for a .htaccess
protected directory?

Raj

Hi,

You can use a read function that supports URL wrappers, e.g.:

file_get_contents('http://user:password@example.test/protected/
file.doc');

cURL (php.net/curl) is another method.

Regards,

John Peters

On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
> Hi,
>
> Is there any way to use php to enter the passwords for a .htaccess
> protected directory?
>
> Raj

..oO(raj)

>Is there any way to use php to enter the passwords for a .htaccess
>protected directory?

To get the content you can use PHP's file system functions and URLs like
<http://user:password@example.com>. Such URLs are not allowed by RFC,
but PHP will automatically turn them into correct URLs and generate the
appropriate HTTP Auth headers.

Micha

On 2008-03-02 18:53:50 +0000, petersprc <petersprc@gmail.com> said:

> Hi,
>
> You can use a read function that supports URL wrappers, e.g.:
>
> file_get_contents('http://user:password@example.test/protected/
> file.doc');
>
> cURL (php.net/curl) is another method.
>
> Regards,
>
> John Peters
>
> On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
>> Hi,
>>
>> Is there any way to use php to enter the passwords for a .htaccess
>> protected directory?
>>
>> Raj

Hi John,

Thanks for the reply. I actually have a website with some of the
php/html pages protected by htaccess (username and password). I was
wondering is there any way to input the username and password once
using a php script so that I can then access that part f the website
too?

Thank you in advance.

Raj

raj wrote:
> Hi,
>
> Is there any way to use php to enter the passwords for a .htaccess
> protected directory?
>
> Raj
>
>

Nope. That is directly between the web server and the client; PHP isn't
involved until after authentication and authorization is complete.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Hi Raj,

I'm not quite sure what you're asking. Are you trying to create your
own login screen, rather than using the default? If so, I don't believe
that is possible, at least not with .htaccess protection.

John's solutions for getting the contents of a protected page using PHP
will work, but I take it that's not what you're trying to do?

Mango



raj wrote:
>
> Hi John,
>
> Thanks for the reply. I actually have a website with some of the
> php/html pages protected by htaccess (username and password). I was
> wondering is there any way to input the username and password once using
> a php script so that I can then access that part f the website too?
>
> Thank you in advance.
>
> Raj
>

petersprc wrote:
> On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
>> Hi,
>>
>> Is there any way to use php to enter the passwords for a .htaccess
>> protected directory?
>>
>> Raj
>
>
> Hi,
>
> You can use a read function that supports URL wrappers, e.g.:
>
> file_get_contents('http://user:password@example.test/protected/
> file.doc');
>
> cURL (php.net/curl) is another method.
>
> Regards,
>
> John Peters
>

(top posting fixed)

That is not supported by the HTTP spec, and may not work on all sites or
in the future. It's just something some browsers have implemented; not
even all browsers support it any longer.

And please don't top post. Thanks.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

raj wrote:
> On 2008-03-02 20:00:48 +0000, Mango <mango@removethis.toao.net> said:
>
>> Hi Raj,
>>
>> I'm not quite sure what you're asking. Are you trying to create your
>> own login screen, rather than using the default? If so, I don't
>> believe that is possible, at least not with .htaccess protection.
>>
>> John's solutions for getting the contents of a protected page using
>> PHP will work, but I take it that's not what you're trying to do?
>>
>> Mango
>>
>>
>>
>> raj wrote:
>>>
>>> Hi John,
>>>
>>> Thanks for the reply. I actually have a website with some of the
>>> php/html pages protected by htaccess (username and password). I was
>>> wondering is there any way to input the username and password once
>>> using a php script so that I can then access that part f the website
>>> too?
>>>
>>> Thank you in advance.
>>>
>>> Raj
>
> Hi Mango,
>
> My setup is a website that is partly protected by one htaccess master
> password. I have various users and would like to monitor each of them. I
> give each of them a username and password not connected to the master
> htaccess password. Each time they successfully login they should be able
> to access the htaccess protected page without knowing the master
> htaccess username and password. I would like to do this by using a
> script to forward them to the password protected pages once they click a
> link to it. I was hoping to do someting like
>
> file_get_contents('http://user:password@example.test/protected/');
>
> but that doesn't work or I'm not doing it correctly.
>
> Any and advice would be greatly appreciated.
>
> Thank you in advance,
>
> Raj
>
>

Nope, not really possible.

There are a lot of ways to do it, however. Authorize them for the files
in that directory through .htaccess, .htpasswd, etc. include() the page
from another directory they can access, etc.

The most common way is also the simplest - just get rid of your master
password and have each page check to see if they are signed in or not,
and if they are signed in, are they authorized for access to that page.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

On 2008-03-02 20:00:48 +0000, Mango <mango@removethis.toao.net> said:

> Hi Raj,
>
> I'm not quite sure what you're asking. Are you trying to create your
> own login screen, rather than using the default? If so, I don't
> believe that is possible, at least not with .htaccess protection.
>
> John's solutions for getting the contents of a protected page using PHP
> will work, but I take it that's not what you're trying to do?
>
> Mango
>
>
>
> raj wrote:
>>
>> Hi John,
>>
>> Thanks for the reply. I actually have a website with some of the
>> php/html pages protected by htaccess (username and password). I was
>> wondering is there any way to input the username and password once
>> using a php script so that I can then access that part f the website
>> too?
>>
>> Thank you in advance.
>>
>> Raj

Hi Mango,

My setup is a website that is partly protected by one htaccess master
password. I have various users and would like to monitor each of them.
I give each of them a username and password not connected to the master
htaccess password. Each time they successfully login they should be
able to access the htaccess protected page without knowing the master
htaccess username and password. I would like to do this by using a
script to forward them to the password protected pages once they click
a link to it. I was hoping to do someting like

file_get_contents('http://user:password@example.test/protected/');

but that doesn't work or I'm not doing it correctly.

Any and advice would be greatly appreciated.

Thank you in advance,

Raj

Hi mango,

I have some resources (blog, forum, wiki) inside a password protected
directory using .htaccess.

I don't want to give out the master username and password to the
directory, and I don't want to setup .htaccess with one username and
password per user. I have a database of users and want to write a
script so that once the users have logged in they can access the
protected directory.

Any advice?

Thank you in advance,

Raj

On 2008-03-02 20:00:48 +0000, Mango <mango@removethis.toao.net> said:

> Hi Raj,
>
> I'm not quite sure what you're asking. Are you trying to create your
> own login screen, rather than using the default? If so, I don't
> believe that is possible, at least not with .htaccess protection.
>
> John's solutions for getting the contents of a protected page using PHP
> will work, but I take it that's not what you're trying to do?
>
> Mango
>
>
>
> raj wrote:
>>
>> Hi John,
>>
>> Thanks for the reply. I actually have a website with some of the
>> php/html pages protected by htaccess (username and password). I was
>> wondering is there any way to input the username and password once
>> using a php script so that I can then access that part f the website
>> too?
>>
>> Thank you in advance.
>>
>> Raj

On 2008-03-02 20:00:42 +0000, Jerry Stuckle <jstucklex@attglobal.net> said:

> raj wrote:
>> Hi,
>>
>> Is there any way to use php to enter the passwords for a .htaccess
>> protected directory?
>>
>> Raj
>>
>>
>
> Nope. That is directly between the web server and the client; PHP
> isn't involved until after authentication and authorization is complete.

Hi Jerry,

I have various resources in one directory that I would like to protect
from non-members of the site (it contains below it things like blog,
forum, wiki, ...).

How would you suggest that I protect that part of the directory structure?

Thank you for your . I'm fairly new to PHP compared to most of you
experts

Raj

raj wrote:
> On 2008-03-02 20:00:42 +0000, Jerry Stuckle <jstucklex@attglobal.net> said:
>
>> raj wrote:
>>> Hi,
>>>
>>> Is there any way to use php to enter the passwords for a .htaccess
>>> protected directory?
>>>
>>> Raj
>>>
>>>
>>
>> Nope. That is directly between the web server and the client; PHP
>> isn't involved until after authentication and authorization is complete.
>
> Hi Jerry,
>
> I have various resources in one directory that I would like to protect
> from non-members of the site (it contains below it things like blog,
> forum, wiki, ...).
>
> How would you suggest that I protect that part of the directory structure?
>
> Thank you for your . I'm fairly new to PHP compared to most of you
> experts
>
> Raj
>
>

Raj,

Web server authentication/authorization has nothing to do with PHP.
Unless you wish to change the pages themselves and use PHP for your
authorization/authentication, I suggest you ask in an Apache newsgroup,
such as alt.apache.configuration.

Some other bypasses have been mentioned here, i.e. include() files, PHP
file functions, etc. But you're going to have a lot of pages created
dynamically, and any of these will be very difficult to implement.

Maybe you just need to go back and plan your entire site again, looking
at your requirements and what software will meet those requirements.
Your current plan will cause a lot more problems than it will solve.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

The docs will tell you that usernames and passwords have been
supported
by the HTTP wrapper since PHP3:

HTTP and HTTPS

PHP 3, PHP 4, PHP 5. https:// since PHP 4.3.0

* http://example.com
* http://example.com/file.php?var1=val1&var2=val2
* http://user:password@example.com
* https://example.com
* https://example.com/file.php?var1=val1&var2=val2
* https://user:password@example.com

<http://us3.php.net/manual/en/wrappers.http.php>

Specifying a user and password tells the HTTP wrapper to use basic
authentication. See ext/standard/http_fopen_wrapper.c for details.

Most HTTP libraries like PHP's HTTP wrappers, cURL, and java.net.URL
implement this as an extension to RFC2616.

Regards,

John Peters

On Mar 2, 3:02 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> petersprc wrote:
> > On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
> >> Hi,
>
> >> Is there any way to use php to enter the passwords for a .htaccess
> >> protected directory?
>
> >> Raj
>
> > Hi,
> >
> > You can use a read function that supports URL wrappers, e.g.:
> >
> > file_get_contents('http://user:passw...@example.test/protected/
> > file.doc');
> >
> > cURL (php.net/curl) is another method.
> >
> > Regards,
> >
> > John Peters
> >
>
> (top posting fixed)
>
> That is not supported by the HTTP spec, and may not work on all sites or
> in the future. It's just something some browsers have implemented; not
> even all browsers support it any longer.
>
> And please don't top post. Thanks.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

petersprc wrote:
> On Mar 2, 2:35 pm, raj <r...@nospam.com> wrote:
>> On 2008-03-02 18:53:50 +0000, petersprc <peters...@gmail.com> said:
>>
>>
>>
>>> Hi,
>>> You can use a read function that supports URL wrappers, e.g.:
>>> file_get_contents('http://user:passw...@example.test/protected/
>>> file.doc');
>>> cURL (php.net/curl) is another method.
>>> Regards,
>>> John Peters
>>> On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
>>>> Hi,
>>>> Is there any way to use php to enter the passwords for a .htaccess
>>>> protected directory?
>>>> Raj
>> Hi John,
>>
>> Thanks for the reply. I actually have a website with some of the
>> php/html pages protected by htaccess (username and password). I was
>> wondering is there any way to input the username and password once
>> using a php script so that I can then access that part f the website
>> too?
>>
>> Thank you in advance.
>>
>> Raj
>
>
> mod_auth_mysql can do this. It will authenticate using your
> existing tables. For example:
>
> LoadModule mysql_auth_module modules/mod_auth_mysql.so
>
> AddModule mod_auth_mysql.c
>
> AuthName "My Site"
> AuthType Basic
> AuthMySQLHost localhost
> AuthMySQLDB my_db
> AuthMySQLUserTable my_user_table
> AuthMySQLNameField my_user_field
> AuthMySQLPasswordField my_password_field
> AuthMySQLEnable On
> require valid-user
>
> Now if you can't use that, I would just write a script to
> automatically
> generate the .htpasswd file whenever there's an update.
>
> Regards,
>
> John Peters
>

(Top posting fixed)

John,

As an author of mod_auth_mysql, I would say this is not necessarily his
solution. Too many other unknowns are involved.

And please don't top post.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

petersprc wrote:

>
> On Mar 2, 3:02 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> petersprc wrote:
>>> On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
>>>> Hi,
>>>> Is there any way to use php to enter the passwords for a .htaccess
>>>> protected directory?
>>>> Raj
>> > Hi,
>> >
>> > You can use a read function that supports URL wrappers, e.g.:
>> >
>> > file_get_contents('http://user:passw...@example.test/protected/
>> > file.doc');
>> >
>> > cURL (php.net/curl) is another method.
>> >
>> > Regards,
>> >
>> > John Peters
>> >
>>
>> (top posting fixed)
>>
>> That is not supported by the HTTP spec, and may not work on all sites or
>> in the future. It's just something some browsers have implemented; not
>> even all browsers support it any longer.
>>
>> And please don't top post. Thanks.
>>
> The docs will tell you that usernames and passwords have been
> supported
> by the HTTP wrapper since PHP3:
>
> HTTP and HTTPS
>
> PHP 3, PHP 4, PHP 5. https:// since PHP 4.3.0
>
> * http://example.com
> * http://example.com/file.php?var1=val1&var2=val2
> * http://user:password@example.com
> * https://example.com
> * https://example.com/file.php?var1=val1&var2=val2
> * https://user:password@example.com
>
> <http://us3.php.net/manual/en/wrappers.http.php>
>
> Specifying a user and password tells the HTTP wrapper to use basic
> authentication. See ext/standard/http_fopen_wrapper.c for details.
>
> Most HTTP libraries like PHP's HTTP wrappers, cURL, and java.net.URL
> implement this as an extension to RFC2616.
>
> Regards,
>
> John Peters

(Top posting fixed)

When you learn not to top post, I'll reply to your messages. Until
then, I won't.

You've been asked multiple times very nicely, yet refuse to follow the
conventions of this newsgroup. Until you do, I'm not going to bother
with you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

mod_auth_mysql can do this. It will authenticate using your
existing tables. For example:

LoadModule mysql_auth_module modules/mod_auth_mysql.so

AddModule mod_auth_mysql.c

AuthName "My Site"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLDB my_db
AuthMySQLUserTable my_user_table
AuthMySQLNameField my_user_field
AuthMySQLPasswordField my_password_field
AuthMySQLEnable On
require valid-user

Now if you can't use that, I would just write a script to
automatically
generate the .htpasswd file whenever there's an update.

Regards,

John Peters

On Mar 2, 2:35 pm, raj <r...@nospam.com> wrote:
> On 2008-03-02 18:53:50 +0000, petersprc <peters...@gmail.com> said:
>
>
>
> > Hi,
>
> > You can use a read function that supports URL wrappers, e.g.:
>
> > file_get_contents('http://user:passw...@example.test/protected/
> > file.doc');
>
> > cURL (php.net/curl) is another method.
>
> > Regards,
>
> > John Peters
>
> > On Mar 2, 1:37 pm, raj <r...@nospam.com> wrote:
> >> Hi,
>
> >> Is there any way to use php to enter the passwords for a .htaccess
> >> protected directory?
>
> >> Raj
>
> Hi John,
>
> Thanks for the reply. I actually have a website with some of the
> php/html pages protected by htaccess (username and password). I was
> wondering is there any way to input the username and password once
> using a php script so that I can then access that part f the website
> too?
>
> Thank you in advance.
>
> Raj

On Mar 2, 7:54 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> (Top posting fixed)
>
> When you learn not to top post, I'll reply to your messages. Until
> then, I won't.
>
> You've been asked multiple times very nicely, yet refuse to follow the
> conventions of this newsgroup. Until you do, I'm not going to bother
> with you.

Jerry doth protest too much, methinks.

--
There are 10 types of people in this world: Those who
understand binary and those who don't.

raj wrote:
> Hi mango,
>
> I have some resources (blog, forum, wiki) inside a password protected
> directory using .htaccess.
>
> I don't want to give out the master username and password to the
> directory, and I don't want to setup .htaccess with one username and
> password per user. I have a database of users and want to write a script
> so that once the users have logged in they can access the protected
> directory.
>
> Any advice?

Yes. Put all the data on those pages in a database, and use a different
name/password system to manage them.


>
> Thank you in advance,
>
> Raj
>
> On 2008-03-02 20:00:48 +0000, Mango <mango@removethis.toao.net> said:
>
>> Hi Raj,
>>
>> I'm not quite sure what you're asking. Are you trying to create your
>> own login screen, rather than using the default? If so, I don't
>> believe that is possible, at least not with .htaccess protection.
>>
>> John's solutions for getting the contents of a protected page using
>> PHP will work, but I take it that's not what you're trying to do?
>>
>> Mango
>>
>>
>>
>> raj wrote:
>>>
>>> Hi John,
>>>
>>> Thanks for the reply. I actually have a website with some of the
>>> php/html pages protected by htaccess (username and password). I was
>>> wondering is there any way to input the username and password once
>>> using a php script so that I can then access that part f the website
>>> too?
>>>
>>> Thank you in advance.
>>>
>>> Raj
>
>

salberdian@yahoo.com wrote:
> On Mar 2, 7:54 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> (Top posting fixed)
>>
>> When you learn not to top post, I'll reply to your messages. Until
>> then, I won't.
>>
>> You've been asked multiple times very nicely, yet refuse to follow the
>> conventions of this newsgroup. Until you do, I'm not going to bother
>> with you.
>
> Jerry doth protest too much, methinks.
>
> --
> There are 10 types of people in this world: Those who
> understand binary and those who don't.
>

Nope. Check the archives in this newsgroup - top posting is not the
norm here. And I'm just getting tired of correcting his top posts to
keep the threads half-way readable.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Tim Streater wrote:
> In article <IK-dnVtrttxpS1banZ2dnUVZ_vbinZ2d@comcast.com>,
> Jerry Stuckle <jstucklex@attglobal.net> wrote:
>
>> salberdian@yahoo.com wrote:
>>> On Mar 2, 7:54 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>>> (Top posting fixed)
>>>>
>>>> When you learn not to top post, I'll reply to your messages. Until
>>>> then, I won't.
>>>>
>>>> You've been asked multiple times very nicely, yet refuse to follow the
>>>> conventions of this newsgroup. Until you do, I'm not going to bother
>>>> with you.
>>> Jerry doth protest too much, methinks.
>>>
>>> --
>>> There are 10 types of people in this world: Those who
>>> understand binary and those who don't.
>>>
>> Nope. Check the archives in this newsgroup - top posting is not the
>> norm here. And I'm just getting tired of correcting his top posts to
>> keep the threads half-way readable.
>
> Don't bother, then.
>
>

(Top posting fixed)

Another idiot who things he's above netiquette...

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Don't bother, then.


In article <IK-dnVtrttxpS1banZ2dnUVZ_vbinZ2d@comcast.com>,
Jerry Stuckle <jstucklex@attglobal.net> wrote:

> salberdian@yahoo.com wrote:
> > On Mar 2, 7:54 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> >> (Top posting fixed)
> >>
> >> When you learn not to top post, I'll reply to your messages. Until
> >> then, I won't.
> >>
> >> You've been asked multiple times very nicely, yet refuse to follow the
> >> conventions of this newsgroup. Until you do, I'm not going to bother
> >> with you.
> >
> > Jerry doth protest too much, methinks.
> >
> > --
> > There are 10 types of people in this world: Those who
> > understand binary and those who don't.
> >
>
> Nope. Check the archives in this newsgroup - top posting is not the
> norm here. And I'm just getting tired of correcting his top posts to
> keep the threads half-way readable.

Jerry Stuckle a écrit :
> > Don't bother, then.
> >
> >
>
> (Top posting fixed)
>
> Another idiot who things he's above netiquette...

Or maybe just someone that ironically show you those things "should not
matter" that much, including his own message (that should both matter
and do not matter, in 2 different ways)

He refuses to follow the netiquette, ok, don't reply to him and don't
even waste your time repeating that you won't reply, just "don't bother".

--
Guillaume

Guillaume wrote:
> Jerry Stuckle a écrit :
>> > Don't bother, then.
>> >
>> >
>>
>> (Top posting fixed)
>>
>> Another idiot who things he's above netiquette...
>
> Or maybe just someone that ironically show you those things "should not
> matter" that much, including his own message (that should both matter
> and do not matter, in 2 different ways)
>
> He refuses to follow the netiquette, ok, don't reply to him and don't
> even waste your time repeating that you won't reply, just "don't bother".
>

That would be fine, but new people look at that and think it's the
"norm" for the newsgroup - when it isn't.

And soon a lot of other threads become messed up. You haven't seen a
screwed up thread until you've seen one with 20 posts, some top, some
bottom.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

In article <_pmdnXVHsuVinFHanZ2dnUVZ_vfinZ2d@comcast.com>,
Jerry Stuckle <jstucklex@attglobal.net> wrote:

> Guillaume wrote:
> > Jerry Stuckle a écrit :
> >> > Don't bother, then.
> >> >
> >> >
> >>
> >> (Top posting fixed)
> >>
> >> Another idiot who things he's above netiquette...
> >
> > Or maybe just someone that ironically show you those things "should not
> > matter" that much, including his own message (that should both matter
> > and do not matter, in 2 different ways)
> >
> > He refuses to follow the netiquette, ok, don't reply to him and don't
> > even waste your time repeating that you won't reply, just "don't bother".
> >
>
> That would be fine, but new people look at that and think it's the
> "norm" for the newsgroup - when it isn't.
>
> And soon a lot of other threads become messed up. You haven't seen a
> screwed up thread until you've seen one with 20 posts, some top, some
> bottom.

I "refused to follow the netiquette" to make a point: that Jerry is free
not to respond. Instead, he chooses to get all upset and huffy and
starts responding in a pompous way.

Top posting is occasionally appropriate:

1) when deflating pomposity
2) on other occasions

Jerry's posts are plentiful, mostly ful, and, I expect, mostly
appreciated.

"raj" <raj@nospam.com> wrote in message
news:2008030218372516807-raj@nospamcom...
> Hi,
>
> Is there any way to use php to enter the passwords for a .htaccess
> protected directory?
>

This just seems so simple in practice, for such a long thread.

Don't use .htaccess to protect the directory. For example, you can set a
session on a login page. If someone without a valid session hits a
protected url, just set a redirect header to the login page if they don't
have a valid session. Any behavior you want to track can be done by
session variables.