how to set a user/pass to avoid the login prompt

is there anyway to set a user/pass in php to avoid the login prompt from HTTP authentication?
I want to by pass the login prompt with my own login form.
LVL 7
tankergoblinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

frasercCommented:
Hi,

You would need to remove the HTTP authentication to remove the prompt as there is no way to suppress or populate the dialogue box .
Usually this would be achieved by removing the relevant lines from the relevant Apache .htaccess file.

F.
0
geowrianCommented:
Or changing IIS security options to use anonymous access.
0
tankergoblinAuthor Commented:
i do not want a dialogue box i want to by pass the login page and direct me to the page that i want
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

tankergoblinAuthor Commented:
i do not want a dialogue box i want to by pass the login page and direct me to the page that i want

i have try to copy the source code on the login page to my page and manually enter the use/pass and that doest work
0
tankergoblinAuthor Commented:
im using apache

0
geowrianCommented:
understood, those are probably your best solutions. If you really want to do it anyway, look here:

http://us2.php.net/features.http-auth
0
tankergoblinAuthor Commented:
can you a simple code for me to see?
0
tankergoblinAuthor Commented:
base on above how does the code know which site i want to login
and which username and password i need to type in?


<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
0
tankergoblinAuthor Commented:
furthermore the page you show me is to prompt login for me type in username and password
i dont want this
i want to by pass login page.
0
geowrianCommented:
Understood. Those are the headers its checks. Is the page running under the same web application / server? If so, running php under Apache as a module, you should be able to set

$_SERVER['PHP_AUTH_USER'] = username;
and
$_SERVER['PHP_AUTH_PW'] = password;

If not, you are probably SOL since you can't force the headers sent to a foreign application / host. At best, you could proxy the information, but that's a stretch. If the foreign website doesn't like you doing this, they could cut you off at any time.
0
frasercCommented:
Please read my fist comment again. If you dont want a dialogue the you MUST remove the http authentication. You cannot bypass or supress the authentication - only remove it!
0
sscottiCommented:
You must have an .htaccess file in the directory.  Make sure that you can view invisible files and look for an .htaccess file.  You must have authentication set up.  If that is all there is in the .htaccess file you can probably delete it.  Otherwise, you need to remove just the part that checks for the correct username/password, usually an some code to restrict access.
0
frasercCommented:
@geowrian, @tankergoblin - The page can not load UNTIL IT HAS AUTHENTICATED, so NO php code can run at all!

@sscoti - That* is exactly* what I said in the first answer to the question (ID:24456505) and in my last comment (ID:24457407)
0
sscottiCommented:
@fraserc:  You are right.  Just not sure it he tried it from the comments.
0
sscottiCommented:
Some ftp browsers or file managers require you to set your preferences to see invisible files in order to see the .htaccess file.
0
geowrianCommented:
@fraserc
That's correct; however, if the code is running within the same web application scope, a php script (that does not require authentication to load) can set those parameters prior to redirecting the user to the page that does require authentication. Although I have not done this personally, it is plausible. That said, I am reiterating that I do not suggest this approach.

And the ability to proxy the information is still possible via php, but I also do not suggest that.
0
frasercCommented:
@geowrian - AFAIK none of that is possible as the parameters will be cleared as soon as the authenticatiopn request is made. You cannot bypass or supress authentication by 'proxy' or any other means. I would be shocked to see any working method that could do this (other than Brute force, Dictionary or packet analysis). I have never tried it myself but the old un and pw in the URL *may* work bgut I really doubt it
e.g. http(s)://username:password@server/resource.ext
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.