PHP Upload Script conflicts wtih HTPASSWD

Hi All,

I'm using a free PHP Upload script found here: http://clement.beffa.org/labs/projects/w2box/

It's just what my client needs for their website.  I've got everything working as planned, however, it appears that the administrative login function in the PHP script conflicts with my HTACCESS password protected directory.  Very simply, the script resides in the folder that is protected.  Its an upload function that is privy to clients only, not the public.  When you are prompted by HTACCESS on page load, the username and password that exists in .htpasswd works like a charm.  However, when you try to login to the administrative section of the script, it fails.  I think this is happening because the script is using HTTP authentication which conflicts.

Any help is greatly appreciated.
Here's the code from the config.php script:
 
$config['admin_actived'] = true;
$config['admin_username'] = "username";
$config['admin_password'] = "password";
 
Here's the code from my index.php page:
 
$auth = !$config['admin_actived'];
authorize(true); //silent authorize first
if (isset($_GET["admin"])) {
	authorize();
	Header("Location: ".rooturl());
}
 
Here's the code from my .htaccess:
 
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
 
require valid-user
 
RewriteEngine on
 
RewriteCond %{QUERY_STRING} ^$
RewriteRule ([^\s]+).php$ $1.php?BAD_HOSTING=%{HTTP:Authorization}
 
RewriteCond %{QUERY_STRING} ^(.+)$
RewriteRule ([^\s]+).php $1.php?%1&BAD_HOSTING=%{HTTP:Authorization}

Open in new window

LVL 9
pmagonyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

caterham_wwwCommented:
> I think this is happening because the script is using HTTP authentication which conflicts.

Yes, you can't use two HTTP authentication layers at the same time. If you're authenticated in /foo via .htaccess, you're not authenticated in your php script, if you're now authenticated in/for your php script, you're not authenticated for the webserver (.htaccess); this process loops.

Possible "solution": Don't use HTTP auth for your php script (may be in favor of a login form which checks the supplied username/password and uses a session to store the login).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pmagonyAuthor Commented:
Thank you for your response.  Here's what I ended up doing... I ended up making sure that the HTTP auth user/pass in the PHP script matched the user/pass for "administrator" in my htaccess/htpasswd files.  This way, when I login on the first layer, it automatically authenticates me with the script.

All other user/pass combos are not admin so it works out perfectly.

I'm going to credit you the points for setting my marbles back in order.

Thanks bud!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.