PHP-.htaccess-CGI

Hi all,

I created a set of pages with PHP for login using a database. Now, I
need to
link to a lot of CGI programs in a folder with protected-access
(.htaccess). The
username and password are the same as the ones people use to login
with. Is there a way to use the session usrname/password for the HTTP
authentication to that folder ?? If I remove the .htaccess for that
particular folder, then all those files will have access without any
kind of authentication.

I tried username:password@www.example.com . But this doesnt work with
IE 6. So I need something else.

Or is there any server/env /session variable that can be checked in the
beginning of these CGI programs or redirect to login page. This way I
can add a line in all those cgi programs to check whether a variable is
set or not. And remove the .htaccess file.

Can I set $_ENV['REMOTE_USER'] to some value ?? Or it can only b set
by apache ??

My plan is to set $_ENV['REMOTE_USER'] to username when user logs in
and in the cgi script, check if $_ENV['REMOTE_USER'] is defined.

>Can I set $_ENV['REMOTE_USER'] to some value ?? Or it can only b set
>by apache ??

Don't expect such a change to last longer than a single page run,
if it works at all. You probably want to look at $_SESSION[] and
sessions.

Gordon L. Burditt

*** psk79 wrote/escribió (28 Apr 2005 11:20:29 -0700):
> I created a set of pages with PHP for login using a database. Now, I
> need to
> link to a lot of CGI programs in a folder with protected-access
> (.htaccess). The
> username and password are the same as the ones people use to login
> with. Is there a way to use the session usrname/password for the HTTP
> authentication to that folder ?? If I remove the .htaccess for that
> particular folder, then all those files will have access without any
> kind of authentication.

I've not really understood what you're trying to accomplish. With Apache
you can password protect CGI files the very same way you protect any other
type of resource: copy your .htaccess file to your cgi-bin folder or any
parent folder.

Maybe you want to write a CGI script that makes use of HTTP authentication.
There must probably be some pre-written libraries out there; the method
itself is not hard to implement, but you need to find and read the RFC
document (you must send an specific HTTP header with auth info). You can
also connect with a browser and sniff the header sent by it. The
LiveHTTPHeaders extension for Mozilla/Firefox makes so very easy.


> I tried username:password@www.example.com . But this doesnt work with
> IE 6. So I need something else.

All modern browsers allow you to store passwords, you don't need to add it
to bookmarks, if that's what you mean.


--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--