Solved

Posting PHP_AUTH_USER & PHP_AUTH_PW

Posted on 2004-04-27
10
735 Views
Last Modified: 2012-05-05
Hi 2U ALL
I've a page with a basic authentication , I need to access it from PHP page without getting the username-password dialog, I've Treid the following but I'm still getting the dialog requiring the username and passowrd again, so how can I post the username and password through my PHP page?

$PHP_AUTH_USER='testuser';
$PHP_AUTH_PW='testpass';
header("location: /$pathToAuthenticationPage");

but still getting the dialog although the username and passord are correct for sure.

thanks in advance
FERAS
BYE
0
Comment
Question by:ferassh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10927180
The authentication dialog presented after a 401 (Authentication required) response means that the *browser* has to send authentication, you could try telling the user the name and password to use, but without lowering the security of the protected page this isn't possible, I'm afraid.

The $PHP_AUTH_USER and $PHP_AUTH_PW variables (also available through $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']) are set by the server every time the page is loaded up.

_Blue
0
 

Expert Comment

by:xernous
ID: 10946786
that would work
or you could go

youruser:yourpass@yoursite.com/path-to-file-here

it works just as simply, if your say including or requiring the file.
-XeRnOuS
0
 

Author Comment

by:ferassh
ID: 10947467
Hi
I read your comment xernous but how can I use it in my php file,

I tried this but it didn't work:
include('name:pass@site.com/page.php');

I got no such file or directory error.

I think that I still need a little help ,
Thanks
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10947846
I have to say again that I really don't think there is any way to bypass the login dialog if you want to use HTTP authentication.

HTTP authentication is actually pretty strong and was designed not to be able to be circumvented as easily as you are trying to do. If you are that keen to avoid the login box, you will have to implement some more advanced login mechanism, such as using PHP to handle everything.

This tutorial at devshed (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/) was what got me started with putting together a PHP auth system, maybe it'll be good enough for you...

_Blue
0
 

Author Comment

by:ferassh
ID: 10948354
Hi again
At first thanks 2 u all, but I still haven't got what I want.

Is there any way to pass the username and password to this authentication dialog?

I don't want to bypass it or disable it, I just want to access using my php page without the user intervention.

Feras,
0
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 40 total points
ID: 10948464
There really isn't. The browser has to see and respond to the 401 error message itself, you can't pass it from a server side script or even from a client side script, because the 401 error code which prompts the browser to popup the dialog box is a completely separate entity from any page that is displayed.

The first few pages of the tutorial I linked to explain this, page 3 (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/3/) talks about your problem specifically, and is the best reference I've found for getting a system running which doesn't require the popup authentication.

There isn't an easy answer, I'm afraid,
_Blue
0
 

Assisted Solution

by:xernous
xernous earned 40 total points
ID: 11073176
hmm im not sure if that diddnt work, you might try specyfing the protocol or something though..

such as http://username:password@somesite.com

but i know for fact the username:password@site.com will bypass it.. because a but back i worked on a website using PHP_AUTH_USER nad PHP_AUTH_PASS for administative authentication and after you failed to login three times it wouldnt let you login normally after that, it wouldnt display anything properly.. and i had some compt problems so my compt wasnt updating the files or somethign after that.. and i used that method to get around it.

but yeah..
0
 
LVL 1

Expert Comment

by:regisw
ID: 11096226
I tried to find a solution to bypass a dialog box with javascript with this script:

<script language="javascript">          
function doRequest()            
{              
var url =  "http://www.site.net/members/";                
var xmlHttp;                
try
{
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
xmlHttp = new XMLHttpRequest();                
}                
catch (e)                
{                    
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");              
}                
xmlHttp.open("GET", url, false, "user", "pass");              
xmlHttp.send(null);                
xmlHttp = null;                
location.replace(url);            
}            
window.onload = doRequest;        
</script>

It must normally work with IE and Mozilla, it worked with some people that it tested it for me. I don't know why, but when I test this script on my computer, I have an error in both IE and Mozilla (Permission denied to call method XMLHttpRequest.open). If someone knows what's wrong, I think it's a good alternative of http://user:pass@domain.com.
It can also be included in a php script.

Régis
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It's sometimes a bit tricky to use date functions in Oracle BPEL. I'll explain quickly how you can add N days to the current date. In a BPEL process this can be useful, and you can adapt it to fit your needs. First of all, let's see how to add 1 …
I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question