1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:54 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

htaccess authentication and redirect

         

appel

1:52 pm on Nov 24, 2003 (gmt 0)

10+ Year Member



Hi all,

I have a question concerning htaccess authentication. I would like to set up a client login system with each user directed to it's own folder on the server. 

User Tom enters his username at domain.com/client and gets redirected to domain.com/client/toms_folder.

If Tom would go to domain.com/client/jerrys_folder, he'd be sent back to domain.com/client.

Though it sounds like a fairly easy concept, i wasn't able to dig anything up through Google.

Any help is greatly appreciated!

jdMorgan

11:14 pm on Nov 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



appel,

Welcome to WebmasterWorld [webmasterworld.com]!

Apache's basic authentication is not very flexible. I think you'll find that if Tom tries to leave his authentication domain, he'll just get re-prompted for a password rather than being redirected. You'll need to install a customized script or use sessions and a login script to do what you want, I think. Alternatively, you could give each user a virtual host account, if that's applicable to your goals.

Jim

appel

9:25 am on Nov 25, 2003 (gmt 0)

10+ Year Member



Hi jdMorgan,

Thanks for your reply!

I already wrote a mini php script which sorta does (part of) the trick, i was hoping to be able to do it with htaccess, for extra security :)

Maybe i could set up htaccess in domain.com/client/user to accept form input from domain.com/client/index.php?

Something like: 

<?php

// This could be set up to auto-retrieve all foldernames

// in current dir. The foldername could then serve as username.

$user_arr = array();

// if user posted usern & passw...

if(isset($_POST['uname']) && isset($_POST['pword'])) {

// ... match uname against foldername

if(in_array($_POST['uname'], $user_arr)) {

// send user to .htaccess protected home-dir.

header("location: h_ttp://".$_POST['uname'].":".$_POST['pass']."@www.domain.com/client/".$_POST['uname']."/");

}

}

?>

The .htaccess file in the user dir would still check the username and password and thus offer pretty good protection. The downside is that the username and password visible through the addressbar, but maybe i can think of a nice workaround.

What do you think?

This might come in handy as well:
http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/108479

[edited by: jdMorgan at 10:37 pm (utc) on Nov. 25, 2003]

BillyGoat

5:22 pm on Dec 2, 2003 (gmt 0)



Hi there,
New here too. What would the code in the .htaccess file have to be in order to do the first part of the above:

- Client hits a DIR with .htaccess which asks for Username/Password
- Based on Username/Password, client is sent to a web page (with differing web pages for different clients)

Thanks for the help!
BillyGoat

jdMorgan

7:46 pm on Dec 2, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



BillyGoat,

Welcome to WebmasterWorld [webmasterworld.com]!

Once you've finished with the authorization phase, you can probably redirect based on %{REMOTE_USER}

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:54 pm May 1, 2026