Hi there,

I was wondering, whether it is possible to "login" to a .htaccess protected folder on my server using php's function fsockopen. At the moment I can run the script which is stored in the folder which I want to protect. The script looks like this:

<?php
function connect($sHost) {
$rSocket = fsockopen($sHost, 80, $iError, $sError);
if (!$rSocket) die($iError . ": " . $sError);
else {
$sUrl = "/path/to/script.php";
fputs($rSocket, "GET " . $sUrl . " HTTP/1.1\r\nHost: " . $sHost . "\r\n\r\n");
fclose($rSocket);
}
}
?>

So I think all I need to change is the fputs second argument to send username and password. But what would I need to write?

Cheers,

Frank

bit of a shot in the dark but you can always try i suppose :)

after a quick dig in HTTP protocol documentationhere (http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html#BasicAA) it seems you have to add a line like this to your fputs:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

wich would make this in your script


function connect($sHost) {
$rSocket = fsockopen($sHost, 80, $iError, $sError);
if (!$rSocket) die($iError . ": " . $sError);
else {
$sUrl = "/path/to/script.php";
$sQuery = "GET " . $sUrl . " HTTP/1.1\r\n";
$sQuery .= "Host: " . $sHost . "\r\n";"
$sQuery .= "Authorization: Basic " . base64_encode("username:password) . "\r\n\r\n"


fputs($rSocket,);
fclose($rSocket);
}
}

You could also use cURL, or use the username and password in the url.


http://user:pass@somesite.com/securearea/

pwned :p

Thanks guys,

I used the first method by whackaxe and it worked fine.

Cheers,

Frank