.htaccess login

2 Questions:

1. Can you logout from a (.htaccess) session by clicking on a link, and if yes how?

2. Is there a way of using an HTML form to login to a .htaccess protected directory?

Thanks in advance :thumbsup: .

1. No. Not really. Maybe.
http://www.ssi-developer.net/htaccess/htaccess_logout.shtml

2. No. If you want to use a form you need PHP or Perl.

Ok thanks, that articles interesting. I might have a go at that...

Is using PHP or Perl more secure than .htaccess?

Yes, you can use a form, I'd recommend you use a PHP or other server side script for this...

PHP example:
login.html
<form action="login.php" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="password" name="pass" />
</form>

login.php

<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '') || ($pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@example.com/htaccess/");
}
?>


JavaScript
If you don't have PHP, there's always JavaScript, but remember it can be disabled....

http://javascript.internet.com/navigation/htaccess-login.html

Hmm.... :confused:

I copied the PHP code and changed the domain etc. and got the following error.


Parse error: parse error, unexpected T_BOOLEAN_OR in /home/redblizz/public_html/haze8/login.php on line 4


(Just in case I did change something accidently, here's my code.)


<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '') || ($pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@redblizzard.astahost.com/haze8/private/");
}
?>

I wrote this in the box here, so it may have an error.

I think this is what you are looking for? Perhaps you are still trying to incorporate htaccess though?


<?PHP
$users = array(
'username' => 'password',
);

if(empty($_POST['user']) || empty($_POST['pass'])
{
echo 'No Username or Password';
}else
{
if(isset($users[$_POST['user']]))
{
if(strtolower($users[$_POST['user']]) == strtolower($_POST['pass'])))
{
header ('Location: http://place');
}else
{
echo 'Invalid Password';
}
}else
{
echo 'Invalid Username';
}
}
?>

Perhaps you are still trying to incorporate htaccess though?


Yep. What I am trying to do is use a PHP script to login to an area (directory/folder, whatever) protected by .htaccess.

Hmm.... :confused:

I copied the PHP code and changed the domain etc. and got the following error.



(Just in case I did change something accidently, here's my code.)


<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '') || ($pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@redblizzard.astahost.com/haze8/private/");
}
?>


My fault...


<?PHP
$user = $_POST['user'];
$pass = $_POST['pass'];
If ($user == '' || $pass == '') {
echo 'No Username or Password';
} else {
header ("Location: http://$user:$pass@redblizzard.astahost.com/haze8/private/");
}
?>

That should work...

Thanks :p . The only bad thing is that the user/password is shown in the address bar. Is it possible to stop that?

Thanks :p . The only bad thing is that the user/password is shown in the address bar. Is it possible to stop that?

Nope... :(

there *should* be a way to supress the outputted URL from the script that masks the username and password in the URL string.