Hi all,
I have the following script that (in theory) would work:
<?php
function authenticate() {
    header("WWW-Authenticate: Basic realm=\"Member Area\"");
    header("HTTP/1.0 401 Unauthorized");
    print("You must enter a valid login username and password to access this resource.\n");
    exit;
}

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    authenticate();
} else {
    // Read the Basic-auth credentials from $_SERVER (no register_globals)
    $user = $_SERVER['PHP_AUTH_USER'];
    $pw   = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    $c = mysqli_connect("p:localhost", "XXXXX", "XXXXX", "httpauth");

    // Bound parameters keep the client-supplied credentials out of the SQL text
    $stmt = mysqli_prepare($c, "SELECT username, password FROM login_table
                                WHERE username=? AND password=?");
    mysqli_stmt_bind_param($stmt, "ss", $user, $pw);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) == 0) {
        authenticate();
    }

    // Open or create the .htpasswd file - store the username and a fake password
    $handle = fopen("/path/to/file/.htpasswd", "a+");
    // .htpasswd format is: USERNAME:PASSWORD
    $clean = rand(0, 9999999999);
    $fake_password = crypt($clean, substr($clean, 0, 2));
    $string = "$user:$fake_password\n";
    fwrite($handle, $string);
    fclose($handle);
    // print "You are logged in as: $user with password $pw - FAKE IS: $fake_password";
    $url = "http://$user:$clean@server/member/index.php";
    header("Content-Location: $url");
}
?>
So here are the basics: The user authenticates using http auth against a
MySQL database - if the username and password are correct then a NEW entry is
created in a .htpasswd file - this file contains the username along with an
unknown password. Why? To prevent people from posting passwords... (we can
monitor the number of logins from the PHP script).
If I make a Location: username:password@server/ then it simply fails :(
However, if I make a meta tag with a refresh (GET) to the same url then it
works just fine.
Am I missing something? Or?
Your input and help is appreciated - please answer to this email as well :-)
Thanks in advance
Regards
--
Lasse Laursen <[EMAIL PROTECTED]> - Systems Developer
NetGroup A/S, St. Kongensgade 40H, DK-1264 København K, Denmark
Phone: +45 3370 1526 - Fax: +45 3313 0066 - Web: www.netgroup.dk
- Don't be fooled by cheap Finnish imitations ; BSD is the One True Code
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
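
An added example, not part of the original post or the poster's code: the script above appends a new `USERNAME:PASSWORD` line on every login, and Apache's file-based lookup stops at the first line matching the username, so this version replaces the user's entry under a lock instead of appending. `set_htpasswd_entry()` and the demo user are hypothetical; it assumes PHP 7+ and an Apache version that accepts bcrypt (`$2y$`) hashes.

```php
<?php
// Added example: keep exactly one .htpasswd line per user.
// set_htpasswd_entry() is a hypothetical helper, not from the post.
function set_htpasswd_entry(string $file, string $user, string $password): void
{
    // ':' separates the two fields and a line break ends the record, so a
    // username containing either could smuggle in a second entry.
    if ($user === '' || preg_match('/[:\x00-\x1f\x7f]/', $user)) {
        throw new InvalidArgumentException('username not valid for .htpasswd');
    }
    $fh = fopen($file, 'c+');            // create if missing, never truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        if (!flock($fh, LOCK_EX)) {      // serialise concurrent logins
            throw new RuntimeException("cannot lock $file");
        }
        $kept = [];
        while (($line = fgets($fh)) !== false) {
            $line = rtrim($line, "\r\n");
            // Drop any earlier entry for this user; keep everyone else's.
            if ($line !== '' && strpos($line, $user . ':') !== 0) {
                $kept[] = $line;
            }
        }
        $kept[] = $user . ':' . password_hash($password, PASSWORD_BCRYPT);
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, implode("\n", $kept) . "\n");
        fflush($fh);
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: two logins by the same user leave a single line behind.
$demo = tempnam(sys_get_temp_dir(), 'htpw');
foreach ([1, 2] as $login) {
    $oneTime = bin2hex(random_bytes(16));   // CSPRNG value instead of rand()
    set_htpasswd_entry($demo, 'alice', $oneTime);
}
echo count(file($demo)), " entry for alice\n";
unlink($demo);
```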