Solved

phpMyAdmin Login with IIS 6.0

Posted on 2006-06-15
2
289 Views
Last Modified: 2013-12-12
I have a secure website setup where users have to enter a username and password to enter the site. The password protection is setup in IIS. Some of my users use phpMyAdmin. Is there a way to login to phpMyAdmin automatically with the username and password they supplied when they logged into the site? Or, is there a way to retrieve the username and password they entered using php? Thanks.
0
Comment
Question by:rbichon
2 Comments
 
LVL 9

Accepted Solution

by:
LinuxNubb earned 250 total points
ID: 16916087
You could look for $_SERVER['AUTH_USER'], and if it's a valid username it means the user authenticated.  This variable only works with IIS.  You would then have to do a type of 'hidden' login where you basically force a session on phpmyadmin.  So, if this variable is set, find the routine in phpmyadmin that validates a login and redirects to the phpmyadmin homepage.  
0
 
LVL 1

Author Comment

by:rbichon
ID: 16919322
I see what you mean. I could probably alter the config.inc.php file, which dictates how it should login, to search for the username and apply that along with the password. The only trick would be to encrypt the passwords.

I found another way of authenticating but it isn't run through IIS. In the config.inc.php file, you set $cfg['Servers'][$i]['auth_type'] = 'http'; which causes php to handle the authentication. The only problem is that this doesn't provide any directory security. Do you think this way posses any security issues? Keep in mind that we have a secure certificate in place and users have to connect through a secure connection.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now