weird htaccess / passwd crossover

phase66 · 09-05-2008, 04:28 PM

Hi guys, great site.
I'm having a strange issue with the password dialogues for linux password protected folders.
One folder called admin is protected with
.htaccess

Code:

AuthType Basic
AuthName "Admin Console"
AuthUserFile "/root/to/admin/passwd"
require valid-user

and .htpasswds/... as appropriate with user:cryptpass

A php function within admin creates folders in another folder called ftp

PHP Code:


			
if ($form_sent) {



    // remove everything but letters and numbers from folder name

    $pattern = "/[^A-Za-z0-9_]/";

    $folder_name = preg_replace($pattern, "", $folder_name);

    // create folder and put index page in it which will include one central index page

    $dir = "ftp/";

    if (is_dir($dir)) {

    

        // if folder doesnt already exist in ftp

        if (!is_dir($dir . $folder_name)) {

        

            mkdir($dir . $folder_name);

            chmod($dir . $folder_name,0777);

            // copy the relevant files into new folder

            copy($dir . "index.php", $dir . $folder_name . "/index.php");

            

            // do the passwords for ftp folders

            $passfile = "/root/to/ftp/passwd";

            if (file_exists($passfile)) {

            

                // open pw file for writing

                $fp = fopen($passfile,"w");

                // open dir to read for usernames

                $handle = opendir("ftp");

                // loop thru using dir name as user for each folder in ftp

                while (false !== ($file = readdir($handle))){

                

                    if ($file != "." && $file != ".." && $file != "index.php" && $file != "ftp_console.php" && $file != ".htaccess") {

                    

                        $un = $file;

                        $pw = "password";

                        $pw2 = crypt($pw);

                        $text = "$un:$pw2";

                        // write encrypted pass to file

                        fwrite($fp, "\n$text");

                        

                    }

                    

                }

                        

                // close file

                fclose($fp);

                

            } // if file exists

            

        } // if !isdir

        

    } // if isdir



} // if form sent

The ftp folder has a .htaccess file as with admin that points to the password file generated above

Code:

AuthType Basic
AuthName "West One Music FTP"
AuthUserFile "/root/to/ftp/passwd"
require valid-user

This all works well except that when a user that hasnt logged in to the admin folder in the browser session tries to go to an ftp folder they are prompted for a password first for the ftp file as created above and then (and heres the hair ripper for me) they are prompted for the admin folder password (states realm as "Admin Console")!

i remember reading a php bug report on something similar but cannot find it now however my first port of call, rather than to suggest a php bug, is to realise that i'm probably doing something stupid!

Any help greatly appreciated
Rich

BaBeBiLaaaa · 09-08-2008, 08:32 AM

Buy AdsTest drive our brand new real-time traffic estimator and create your campaign. Choose text, banner, or interstitial ads. Target by site, keyword, demographic. Create or upload multiple ads. Sell AdsFind out how we can help you generate more revenue from your ad space. Customize ads to match your site Approve and reject ads for your site Works alongside other ad programs Make money online,now!