Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Hi all,

I created a set of pages with PHP for login using a database. Now, I
need to
link to a lot of CGI programs in a folder with protected-access
(.htaccess). The
username and password are the same as the ones people use to login
with. Is there a way to use the session usrname/password for the HTTP
authentication to that folder ?? If I remove the .htaccess for that
particular folder, then all those files will have access without any
kind of authentication.

I tried . But this doesnt work with
IE 6. So I need something else.

Re: PHP-.htaccess-CGI

Or is there any server/env /session variable that can be checked in the
beginning of these CGI programs or redirect to login page.  This way I
can add a line in all those cgi programs to check whether a variable is
set or not. And remove the .htaccess file.

Re: PHP-.htaccess-CGI

Can I set $_ENV['REMOTE_USER']  to some value ?? Or it can only b set
by apache ??

My plan is to set $_ENV['REMOTE_USER'] to username when user logs in
and in the cgi script, check if $_ENV['REMOTE_USER'] is defined.

Re: PHP-.htaccess-CGI

Quoted text here. Click to load it

Don't expect such a change to last longer than a single page run,
if it works at all.  You probably want to look at $_SESSION[] and

                        Gordon L. Burditt

Re: PHP-.htaccess-CGI

*** psk79 wrote/escribió (28 Apr 2005 11:20:29 -0700):
Quoted text here. Click to load it

I've not really understood what you're trying to accomplish. With Apache
you can password protect CGI files the very same way you protect any other
type of resource: copy your .htaccess file to your cgi-bin folder or any
parent folder.

Maybe you want to write a CGI script that makes use of HTTP authentication.
There must probably be some pre-written libraries out there; the method
itself is not hard to implement, but you need to find and read the RFC
document (you must send an specific HTTP header with auth info). You can
also connect with a browser and sniff the header sent by it. The
LiveHTTPHeaders extension for Mozilla/Firefox makes so very easy.

Quoted text here. Click to load it

All modern browsers allow you to store passwords, you don't need to add it
to bookmarks, if that's what you mean.

-- Álvaro G. Vicario - Burgos, Spain
-- - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group

Site Timeline