Solved

Posting PHP_AUTH_USER & PHP_AUTH_PW

Posted on 2004-04-27
10
718 Views
Last Modified: 2012-05-05
Hi 2U ALL
I've a page with a basic authentication , I need to access it from PHP page without getting the username-password dialog, I've Treid the following but I'm still getting the dialog requiring the username and passowrd again, so how can I post the username and password through my PHP page?

$PHP_AUTH_USER='testuser';
$PHP_AUTH_PW='testpass';
header("location: /$pathToAuthenticationPage");

but still getting the dialog although the username and passord are correct for sure.

thanks in advance
FERAS
BYE
0
Comment
Question by:ferassh
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10927180
The authentication dialog presented after a 401 (Authentication required) response means that the *browser* has to send authentication, you could try telling the user the name and password to use, but without lowering the security of the protected page this isn't possible, I'm afraid.

The $PHP_AUTH_USER and $PHP_AUTH_PW variables (also available through $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']) are set by the server every time the page is loaded up.

_Blue
0
 

Expert Comment

by:xernous
ID: 10946786
that would work
or you could go

youruser:yourpass@yoursite.com/path-to-file-here

it works just as simply, if your say including or requiring the file.
-XeRnOuS
0
 

Author Comment

by:ferassh
ID: 10947467
Hi
I read your comment xernous but how can I use it in my php file,

I tried this but it didn't work:
include('name:pass@site.com/page.php');

I got no such file or directory error.

I think that I still need a little help ,
Thanks
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10947846
I have to say again that I really don't think there is any way to bypass the login dialog if you want to use HTTP authentication.

HTTP authentication is actually pretty strong and was designed not to be able to be circumvented as easily as you are trying to do. If you are that keen to avoid the login box, you will have to implement some more advanced login mechanism, such as using PHP to handle everything.

This tutorial at devshed (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/) was what got me started with putting together a PHP auth system, maybe it'll be good enough for you...

_Blue
0
 

Author Comment

by:ferassh
ID: 10948354
Hi again
At first thanks 2 u all, but I still haven't got what I want.

Is there any way to pass the username and password to this authentication dialog?

I don't want to bypass it or disable it, I just want to access using my php page without the user intervention.

Feras,
0
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 40 total points
ID: 10948464
There really isn't. The browser has to see and respond to the 401 error message itself, you can't pass it from a server side script or even from a client side script, because the 401 error code which prompts the browser to popup the dialog box is a completely separate entity from any page that is displayed.

The first few pages of the tutorial I linked to explain this, page 3 (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/3/) talks about your problem specifically, and is the best reference I've found for getting a system running which doesn't require the popup authentication.

There isn't an easy answer, I'm afraid,
_Blue
0
 

Assisted Solution

by:xernous
xernous earned 40 total points
ID: 11073176
hmm im not sure if that diddnt work, you might try specyfing the protocol or something though..

such as http://username:password@somesite.com

but i know for fact the username:password@site.com will bypass it.. because a but back i worked on a website using PHP_AUTH_USER nad PHP_AUTH_PASS for administative authentication and after you failed to login three times it wouldnt let you login normally after that, it wouldnt display anything properly.. and i had some compt problems so my compt wasnt updating the files or somethign after that.. and i used that method to get around it.

but yeah..
0
 
LVL 1

Expert Comment

by:regisw
ID: 11096226
I tried to find a solution to bypass a dialog box with javascript with this script:

<script language="javascript">          
function doRequest()            
{              
var url =  "http://www.site.net/members/";                
var xmlHttp;                
try
{
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
xmlHttp = new XMLHttpRequest();                
}                
catch (e)                
{                    
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");              
}                
xmlHttp.open("GET", url, false, "user", "pass");              
xmlHttp.send(null);                
xmlHttp = null;                
location.replace(url);            
}            
window.onload = doRequest;        
</script>

It must normally work with IE and Mozilla, it worked with some people that it tested it for me. I don't know why, but when I test this script on my computer, I have an error in both IE and Mozilla (Permission denied to call method XMLHttpRequest.open). If someone knows what's wrong, I think it's a good alternative of http://user:pass@domain.com.
It can also be included in a php script.

Régis
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are two main kinds of selectors in CSS: One is base selector like h1, h2, body, table or any existing HTML tags.  For instance, the following rule sets all paragraphs (<p> elements) to red: (CODE) CSS also allows us to define our own custom …
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question