At 23.04.2002 09:52, you wrote: > >I have one directory that is protected with an .htaccess file on my server >where I store all member content. What I want to do is have a page where >members can log in, and after they have entered there user name and password >I what the php script to authenticate them against the .htaccess file. If >they are authenticated I would like to keep track of that as one of there >session variables, so that they do not have to re-authenticate when they try >to access content in the protected directory. Essentially what I am trying >to do is give them access to the .htaccess protected based from a "submit >form". Instead of requiring that they get the standard user name and >password pop up window that one gets when you try to access a directory that >is password protected on Apache.
Why do you want to make such a hassle ?? If you auth via Apache, then it´s a secure thing, as these vals where put secure. If you want people to access a hidden directory or a .htyccess closed dir, you´ll send their user/pw combination plaintext, unless you use https. Also, if they auth´ed one time, the browser will remember the data, until it is closed. The auth-popup will be shown in the browsers language. If you want apache, to get scripts or data from a "secured" directory, forget it or include the apache user in the .htpasswd, but that´s not a good idea. HTH Oliver -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
