...

View Full Version : .htaccess login



chilipie
10-27-2004, 01:39 PM
2 Questions:


1. Can you logout from a (.htaccess) session by clicking on a link, and if yes how?


2. Is there a way of using an HTML form to login to a .htaccess protected directory?

Thanks in advance :thumbsup: .

Span
10-28-2004, 08:50 PM
1. No. Not really. Maybe.
http://www.ssi-developer.net/htaccess/htaccess_logout.shtml

2. No. If you want to use a form you need PHP or Perl.

chilipie
10-28-2004, 10:08 PM
Ok thanks, that articles interesting. I might have a go at that...

Is using PHP or Perl more secure than .htaccess?

gsnedders
10-28-2004, 11:12 PM
Yes, you can use a form, I'd recommend you use a PHP or other server side script for this...

PHP example:
login.html

<form action="login.php" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="password" name="pass" />
</form>

login.php


<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '') || ($pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@example.com/htaccess/");
}
?>


JavaScript
If you don't have PHP, there's always JavaScript, but remember it can be disabled....

http://javascript.internet.com/navigation/htaccess-login.html

chilipie
10-29-2004, 10:27 PM
Hmm.... :confused:

I copied the PHP code and changed the domain etc. and got the following error.



Parse error: parse error, unexpected T_BOOLEAN_OR in /home/redblizz/public_html/haze8/login.php on line 4


(Just in case I did change something accidently, here's my code.)



<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '') || ($pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@redblizzard.astahost.com/haze8/private/");
}
?>

bnovc
10-31-2004, 09:20 PM
I wrote this in the box here, so it may have an error.

I think this is what you are looking for? Perhaps you are still trying to incorporate htaccess though?



<?PHP
$users = array(
'username' => 'password',
);

if(empty($_POST['user']) || empty($_POST['pass'])
{
echo 'No Username or Password';
}else
{
if(isset($users[$_POST['user']]))
{
if(strtolower($users[$_POST['user']]) == strtolower($_POST['pass'])))
{
header ('Location: http://place');
}else
{
echo 'Invalid Password';
}
}else
{
echo 'Invalid Username';
}
}
?>

chilipie
11-03-2004, 07:53 PM
Perhaps you are still trying to incorporate htaccess though?


Yep. What I am trying to do is use a PHP script to login to an area (directory/folder, whatever) protected by .htaccess.

gsnedders
11-03-2004, 10:58 PM
Hmm.... :confused:

I copied the PHP code and changed the domain etc. and got the following error.



(Just in case I did change something accidently, here's my code.)



<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '') || ($pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@redblizzard.astahost.com/haze8/private/");
}
?>


My fault...



<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '' || $pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@redblizzard.astahost.com/haze8/private/");
}
?>

That should work...

chilipie
11-04-2004, 05:19 PM
Thanks :p . The only bad thing is that the user/password is shown in the address bar. Is it possible to stop that?

gsnedders
11-04-2004, 07:29 PM
Thanks :p . The only bad thing is that the user/password is shown in the address bar. Is it possible to stop that?

Nope... :(

JamieR
11-04-2004, 11:54 PM
there *should* be a way to supress the outputted URL from the script that masks the username and password in the URL string.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum