Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Posting PHP_AUTH_USER & PHP_AUTH_PW

Posted on 2004-04-27
10
Medium Priority
?
736 Views
Last Modified: 2012-05-05
Hi 2U ALL
I've a page with a basic authentication , I need to access it from PHP page without getting the username-password dialog, I've Treid the following but I'm still getting the dialog requiring the username and passowrd again, so how can I post the username and password through my PHP page?

$PHP_AUTH_USER='testuser';
$PHP_AUTH_PW='testpass';
header("location: /$pathToAuthenticationPage");

but still getting the dialog although the username and passord are correct for sure.

thanks in advance
FERAS
BYE
0
Comment
Question by:ferassh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10927180
The authentication dialog presented after a 401 (Authentication required) response means that the *browser* has to send authentication, you could try telling the user the name and password to use, but without lowering the security of the protected page this isn't possible, I'm afraid.

The $PHP_AUTH_USER and $PHP_AUTH_PW variables (also available through $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']) are set by the server every time the page is loaded up.

_Blue
0
 

Expert Comment

by:xernous
ID: 10946786
that would work
or you could go

youruser:yourpass@yoursite.com/path-to-file-here

it works just as simply, if your say including or requiring the file.
-XeRnOuS
0
 

Author Comment

by:ferassh
ID: 10947467
Hi
I read your comment xernous but how can I use it in my php file,

I tried this but it didn't work:
include('name:pass@site.com/page.php');

I got no such file or directory error.

I think that I still need a little help ,
Thanks
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10947846
I have to say again that I really don't think there is any way to bypass the login dialog if you want to use HTTP authentication.

HTTP authentication is actually pretty strong and was designed not to be able to be circumvented as easily as you are trying to do. If you are that keen to avoid the login box, you will have to implement some more advanced login mechanism, such as using PHP to handle everything.

This tutorial at devshed (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/) was what got me started with putting together a PHP auth system, maybe it'll be good enough for you...

_Blue
0
 

Author Comment

by:ferassh
ID: 10948354
Hi again
At first thanks 2 u all, but I still haven't got what I want.

Is there any way to pass the username and password to this authentication dialog?

I don't want to bypass it or disable it, I just want to access using my php page without the user intervention.

Feras,
0
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 160 total points
ID: 10948464
There really isn't. The browser has to see and respond to the 401 error message itself, you can't pass it from a server side script or even from a client side script, because the 401 error code which prompts the browser to popup the dialog box is a completely separate entity from any page that is displayed.

The first few pages of the tutorial I linked to explain this, page 3 (http://www.devshed.com/c/a/PHP/User-Authentication-With-Apache-And-PHP/3/) talks about your problem specifically, and is the best reference I've found for getting a system running which doesn't require the popup authentication.

There isn't an easy answer, I'm afraid,
_Blue
0
 

Assisted Solution

by:xernous
xernous earned 160 total points
ID: 11073176
hmm im not sure if that diddnt work, you might try specyfing the protocol or something though..

such as http://username:password@somesite.com

but i know for fact the username:password@site.com will bypass it.. because a but back i worked on a website using PHP_AUTH_USER nad PHP_AUTH_PASS for administative authentication and after you failed to login three times it wouldnt let you login normally after that, it wouldnt display anything properly.. and i had some compt problems so my compt wasnt updating the files or somethign after that.. and i used that method to get around it.

but yeah..
0
 
LVL 1

Expert Comment

by:regisw
ID: 11096226
I tried to find a solution to bypass a dialog box with javascript with this script:

<script language="javascript">          
function doRequest()            
{              
var url =  "http://www.site.net/members/";                
var xmlHttp;                
try
{
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
xmlHttp = new XMLHttpRequest();                
}                
catch (e)                
{                    
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");              
}                
xmlHttp.open("GET", url, false, "user", "pass");              
xmlHttp.send(null);                
xmlHttp = null;                
location.replace(url);            
}            
window.onload = doRequest;        
</script>

It must normally work with IE and Mozilla, it worked with some people that it tested it for me. I don't know why, but when I test this script on my computer, I have an error in both IE and Mozilla (Permission denied to call method XMLHttpRequest.open). If someone knows what's wrong, I think it's a good alternative of http://user:pass@domain.com.
It can also be included in a php script.

Régis
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two main kinds of selectors in CSS: One is base selector like h1, h2, body, table or any existing HTML tags.  For instance, the following rule sets all paragraphs (<p> elements) to red: (CODE) CSS also allows us to define our own custom …
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question