Solved

Posting PHP_AUTH_USER & PHP_AUTH_PW

Posted on 2004-04-27
10
713 Views
Last Modified: 2012-05-05
Hi 2U ALL
I've a page with a basic authentication , I need to access it from PHP page without getting the username-password dialog, I've Treid the following but I'm still getting the dialog requiring the username and passowrd again, so how can I post the username and password through my PHP page?

$PHP_AUTH_USER='testuser';
$PHP_AUTH_PW='testpass';
header("location: /$pathToAuthenticationPage");

but still getting the dialog although the username and passord are correct for sure.

thanks in advance
FERAS
BYE
0
Comment
Question by:ferassh
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10927180
The authentication dialog presented after a 401 (Authentication required) response means that the *browser* has to send authentication, you could try telling the user the name and password to use, but without lowering the security of the protected page this isn't possible, I'm afraid.

The $PHP_AUTH_USER and $PHP_AUTH_PW variables (also available through $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']) are set by the server every time the page is loaded up.

_Blue
0
 

Expert Comment

by:xernous
ID: 10946786
that would work
or you could go

youruser:yourpass@yoursite.com/path-to-file-here

it works just as simply, if your say including or requiring the file.
-XeRnOuS
0
 

Author Comment

by:ferassh
ID: 10947467
Hi
I read your comment xernous but how can I use it in my php file,

I tried this but it didn't work:
include('name:pass@site.com/page.php');

I got no such file or directory error.

I think that I still need a little help ,
Thanks
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10947846
I have to say again that I really don't think there is any way to bypass the login dialog if you want to use HTTP authentication.

HTTP authentication is actually pretty strong and was designed not to be able to be circumvented as easily as you are trying to do. If you are that keen to avoid the login box, you will have to implement some more advanced login mechanism, such as using PHP to handle everything.

This tutorial at devshed (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/) was what got me started with putting together a PHP auth system, maybe it'll be good enough for you...

_Blue
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:ferassh
ID: 10948354
Hi again
At first thanks 2 u all, but I still haven't got what I want.

Is there any way to pass the username and password to this authentication dialog?

I don't want to bypass it or disable it, I just want to access using my php page without the user intervention.

Feras,
0
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 40 total points
ID: 10948464
There really isn't. The browser has to see and respond to the 401 error message itself, you can't pass it from a server side script or even from a client side script, because the 401 error code which prompts the browser to popup the dialog box is a completely separate entity from any page that is displayed.

The first few pages of the tutorial I linked to explain this, page 3 (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/3/) talks about your problem specifically, and is the best reference I've found for getting a system running which doesn't require the popup authentication.

There isn't an easy answer, I'm afraid,
_Blue
0
 

Assisted Solution

by:xernous
xernous earned 40 total points
ID: 11073176
hmm im not sure if that diddnt work, you might try specyfing the protocol or something though..

such as http://username:password@somesite.com

but i know for fact the username:password@site.com will bypass it.. because a but back i worked on a website using PHP_AUTH_USER nad PHP_AUTH_PASS for administative authentication and after you failed to login three times it wouldnt let you login normally after that, it wouldnt display anything properly.. and i had some compt problems so my compt wasnt updating the files or somethign after that.. and i used that method to get around it.

but yeah..
0
 
LVL 1

Expert Comment

by:regisw
ID: 11096226
I tried to find a solution to bypass a dialog box with javascript with this script:

<script language="javascript">          
function doRequest()            
{              
var url =  "http://www.site.net/members/";                
var xmlHttp;                
try
{
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
xmlHttp = new XMLHttpRequest();                
}                
catch (e)                
{                    
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");              
}                
xmlHttp.open("GET", url, false, "user", "pass");              
xmlHttp.send(null);                
xmlHttp = null;                
location.replace(url);            
}            
window.onload = doRequest;        
</script>

It must normally work with IE and Mozilla, it worked with some people that it tested it for me. I don't know why, but when I test this script on my computer, I have an error in both IE and Mozilla (Permission denied to call method XMLHttpRequest.open). If someone knows what's wrong, I think it's a good alternative of http://user:pass@domain.com.
It can also be included in a php script.

Régis
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Article by: Matthew
I am a very big proponent of technology compliance standards and strive to meet such criteria in all of my work. That includes my site, which is 100% XHTML 1.0 compliant as determined by the World Wide Web Consortium. https://www.matthewstevenkel…
Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now