Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 744
  • Last Modified:

Posting PHP_AUTH_USER & PHP_AUTH_PW

Hi 2U ALL
I've a page with a basic authentication , I need to access it from PHP page without getting the username-password dialog, I've Treid the following but I'm still getting the dialog requiring the username and passowrd again, so how can I post the username and password through my PHP page?

$PHP_AUTH_USER='testuser';
$PHP_AUTH_PW='testpass';
header("location: /$pathToAuthenticationPage");

but still getting the dialog although the username and passord are correct for sure.

thanks in advance
FERAS
BYE
0
ferassh
Asked:
ferassh
  • 3
  • 2
  • 2
  • +1
2 Solutions
 
eeBlueShadowCommented:
The authentication dialog presented after a 401 (Authentication required) response means that the *browser* has to send authentication, you could try telling the user the name and password to use, but without lowering the security of the protected page this isn't possible, I'm afraid.

The $PHP_AUTH_USER and $PHP_AUTH_PW variables (also available through $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']) are set by the server every time the page is loaded up.

_Blue
0
 
xernousCommented:
that would work
or you could go

youruser:yourpass@yoursite.com/path-to-file-here

it works just as simply, if your say including or requiring the file.
-XeRnOuS
0
 
ferasshAuthor Commented:
Hi
I read your comment xernous but how can I use it in my php file,

I tried this but it didn't work:
include('name:pass@site.com/page.php');

I got no such file or directory error.

I think that I still need a little help ,
Thanks
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
eeBlueShadowCommented:
I have to say again that I really don't think there is any way to bypass the login dialog if you want to use HTTP authentication.

HTTP authentication is actually pretty strong and was designed not to be able to be circumvented as easily as you are trying to do. If you are that keen to avoid the login box, you will have to implement some more advanced login mechanism, such as using PHP to handle everything.

This tutorial at devshed (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/) was what got me started with putting together a PHP auth system, maybe it'll be good enough for you...

_Blue
0
 
ferasshAuthor Commented:
Hi again
At first thanks 2 u all, but I still haven't got what I want.

Is there any way to pass the username and password to this authentication dialog?

I don't want to bypass it or disable it, I just want to access using my php page without the user intervention.

Feras,
0
 
eeBlueShadowCommented:
There really isn't. The browser has to see and respond to the 401 error message itself, you can't pass it from a server side script or even from a client side script, because the 401 error code which prompts the browser to popup the dialog box is a completely separate entity from any page that is displayed.

The first few pages of the tutorial I linked to explain this, page 3 (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/3/) talks about your problem specifically, and is the best reference I've found for getting a system running which doesn't require the popup authentication.

There isn't an easy answer, I'm afraid,
_Blue
0
 
xernousCommented:
hmm im not sure if that diddnt work, you might try specyfing the protocol or something though..

such as http://username:password@somesite.com

but i know for fact the username:password@site.com will bypass it.. because a but back i worked on a website using PHP_AUTH_USER nad PHP_AUTH_PASS for administative authentication and after you failed to login three times it wouldnt let you login normally after that, it wouldnt display anything properly.. and i had some compt problems so my compt wasnt updating the files or somethign after that.. and i used that method to get around it.

but yeah..
0
 
regiswCommented:
I tried to find a solution to bypass a dialog box with javascript with this script:

<script language="javascript">          
function doRequest()            
{              
var url =  "http://www.site.net/members/";                
var xmlHttp;                
try
{
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
xmlHttp = new XMLHttpRequest();                
}                
catch (e)                
{                    
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");              
}                
xmlHttp.open("GET", url, false, "user", "pass");              
xmlHttp.send(null);                
xmlHttp = null;                
location.replace(url);            
}            
window.onload = doRequest;        
</script>

It must normally work with IE and Mozilla, it worked with some people that it tested it for me. I don't know why, but when I test this script on my computer, I have an error in both IE and Mozilla (Permission denied to call method XMLHttpRequest.open). If someone knows what's wrong, I think it's a good alternative of http://user:pass@domain.com.
It can also be included in a php script.

RĂ©gis
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now