user name

i am going through the process of password protecting a directory using
..htaccess and .htpasswd
Is there a function to get the user name?

Thanks

..htpasswd is a text file. The user name's in it are not encrypted. On
each line, you'll find a username, then a colon (:), and then the
encrypted password. Assuming you can read that file, you could run a
regular expression on it to parse out the usernames.

Why do you need them? Just curious. Generally, people either do their
authentication in PHP or via .htaccess. It seems you're trying to do
some combination of the two.

"mickeyg" <meshulamtemp@yahoo.com> wrote in message news:PkVdd.6818$Ug4.4058@trndny01...
> i am going through the process of password protecting a directory using
> .htaccess and .htpasswd
> Is there a function to get the user name?

use the $_SERVER superglobal array:

$_['PHP_AUTH_USER']
When running under Apache as module doing HTTP authentication this variable is set to the username provided by the user.

$_['PHP_AUTH_PW']

When running under Apache as module doing HTTP authentication this variable is set to the password provided by the user.

http://us2.php.net/manual/en/reserve...riables.server

____________________________________
Wil Moore III, MCP | Integrations Specialist | Assistant Webmaster

mickeyg wrote:
> i am going through the process of password protecting a directory using
> .htaccess and .htpasswd
> Is there a function to get the user name?

The $_SERVER superglobal array /may have/ the authentication elements:

<quote src="http://pt.php.net/manual/en/reserved.variables.php">
'PHP_AUTH_USER'
When running under Apache as module doing HTTP authentication
this variable is set to the username provided by the user.

'PHP_AUTH_PW'
When running under Apache as module doing HTTP authentication
this variable is set to the password provided by the user.

'AUTH_TYPE'
When running under Apache as module doing HTTP authenticated this
variable is set to the authentication type.
</quote>
--
USENET would be a better place if everybody read:
http://www.expita.com/nomime.html
http://www.netmeister.org/news/learn2quote2.html
http://www.catb.org/~esr/faqs/smart-questions.html

phpinfo();


||

$_SERVER['PHP_AUTH_USER']

$_SERVER['PHP_AUTH_PASS'] // not sure

--
Sat_

>.htpasswd is a text file. The user name's in it are not encrypted. On
>each line, you'll find a username, then a colon (:), and then the
>encrypted password. Assuming you can read that file, you could run a
>regular expression on it to parse out the usernames.

I believe the OP wants the user name of the user accessing the page
this time, not all of them.

To further complicate things, there is no guarantee that the .htpasswd
file is in *THIS* directory.

>Why do you need them? Just curious. Generally, people either do their
>authentication in PHP or via .htaccess. It seems you're trying to do
>some combination of the two.

It is perfectly reasonable to have a restricted-access page, and further
let the page use the user name of the person accessing it, for
various purposes:

- Logging who did what.
- Using preferences individual to each user.
- Granting privileges individual to each user (determined, say, from
looking in a database or even hardcoded into the script).

Sometimes it is convenient to let Apache do the authentication (browsers manage
to store authentication info so you can come back at any time without needing
sessions or other such stuff. If your security policy isn't worried about
logins with no timeouts or unattended computers, this is great.) and then
let PHP hand out individual privileges based on WHO logged in.

The authenticated user shows up in $_SERVER['REMOTE_USER'] from Apache.
PHP also puts the user in $_SERVER['PHP_AUTH_USER'] and the password
in $_SERVER['PHP_AUTH_PW'] .

Gordon L. Burditt

Thank you this is what I was looking for

Gordon,

Thanks for the info. I didn't know that the username and password
provided during the .htaccess authentication process were availible to
PHP through server variables. Thanks for explaining their use.

Gordon Burditt wrote:
>
> >.htpasswd is a text file. The user name's in it are not encrypted. On
> >each line, you'll find a username, then a colon (:), and then the
> >encrypted password. Assuming you can read that file, you could run a
> >regular expression on it to parse out the usernames.
>
> I believe the OP wants the user name of the user accessing the page
> this time, not all of them.
>
> To further complicate things, there is no guarantee that the .htpasswd
> file is in *THIS* directory.
>
> >Why do you need them? Just curious. Generally, people either do their
> >authentication in PHP or via .htaccess. It seems you're trying to do
> >some combination of the two.
>
> It is perfectly reasonable to have a restricted-access page, and further
> let the page use the user name of the person accessing it, for
> various purposes:
>
> - Logging who did what.
> - Using preferences individual to each user.
> - Granting privileges individual to each user (determined, say, from
> looking in a database or even hardcoded into the script).
>
> Sometimes it is convenient to let Apache do the authentication (browsers manage
> to store authentication info so you can come back at any time without needing
> sessions or other such stuff. If your security policy isn't worried about
> logins with no timeouts or unattended computers, this is great.) and then
> let PHP hand out individual privileges based on WHO logged in.
>
> The authenticated user shows up in $_SERVER['REMOTE_USER'] from Apache.
> PHP also puts the user in $_SERVER['PHP_AUTH_USER'] and the password
> in $_SERVER['PHP_AUTH_PW'] .

I like to do this for the priveleges and logging you mentioned and also peace of
mind - I know that, if I ever accidentally overwrite the .htaccess and don't
notice, nobody will be able to wander on in and screw everything up.

Shawn

--
Shawn Wilson
shawn@glassgiant.com
http://www.glassgiant.com