I thought I would give this a shot. What I would like to do is use mod_rewrite (i think) to bypass the apache login prompt. I've been searching the net for 2 weeks when i had time, but haven't found a qualifying link. I did find some articles saying that it can be done, but no examples were linked. I know very little about mod_rewrite and most apache codes. I have seen something about addhandler/action but nothing on how to implement it.

What happens is that the member logs into a membership program (which starts $_SESSION ["uname"] and $_SESSION ["pword"]. Once logged in they are directed to a screen that shows them the protected directories that they are allowed to visit. They then click that link and it takes them to the directory and the apache login prompt asks them AGAIN for the username and password which is stored in the .htpasswd as well as the database.

What I want to do is bypass the 2nd (apache login) prompt and give them direct access using the $_SESSION variables. But meanwhile keeping the .htaccess file to stop others from gaining access or linking directly to that directory and if no $_SESSION variables are present, utilize the apache login prompt.

Basically I want the .htaccess to access a php file which checks a database for access permission. If yes it lets them through if no it redirects to a failure page.

this is what it looks like now

Order allow,deny
Allow from all
AuthType  Basic
AuthUserFile /usr/home/domain/public_html/custom/.htpasswd
AuthName  "Membership Required"
require valid-user

one article said to do or add this (was very vague).

AddHandler mywrapper .html
Action mywrapper path/to/secure.php

Hope that makes sense.