Welcome to WebmasterWorld Guest from 3.227.208.153

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

htaccess authentication and redirect

     
1:52 pm on Nov 24, 2003 (gmt 0)

New User

10+ Year Member

joined:Nov 24, 2003
posts:2
votes: 0


Hi all,

I have a question concerning htaccess authentication. I would like to set up a client login system with each user directed to it's own folder on the server.

User Tom enters his username at domain.com/client and gets redirected to domain.com/client/toms_folder.

If Tom would go to domain.com/client/jerrys_folder, he'd be sent back to domain.com/client.

Though it sounds like a fairly easy concept, i wasn't able to dig anything up through Google.

Any help is greatly appreciated!

11:14 pm on Nov 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


appel,

Welcome to WebmasterWorld [webmasterworld.com]!

Apache's basic authentication is not very flexible. I think you'll find that if Tom tries to leave his authentication domain, he'll just get re-prompted for a password rather than being redirected. You'll need to install a customized script or use sessions and a login script to do what you want, I think. Alternatively, you could give each user a virtual host account, if that's applicable to your goals.

Jim

9:25 am on Nov 25, 2003 (gmt 0)

New User

10+ Year Member

joined:Nov 24, 2003
posts:2
votes: 0


Hi jdMorgan,

Thanks for your reply!

I already wrote a mini php script which sorta does (part of) the trick, i was hoping to be able to do it with htaccess, for extra security :)

Maybe i could set up htaccess in domain.com/client/user to accept form input from domain.com/client/index.php?

Something like:

<?php

// This could be set up to auto-retrieve all foldernames

// in current dir. The foldername could then serve as username.

$user_arr = array();

// if user posted usern & passw...

if(isset($_POST['uname']) && isset($_POST['pword'])) {

// ... match uname against foldername

if(in_array($_POST['uname'], $user_arr)) {

// send user to .htaccess protected home-dir.

header("location: h_ttp://".$_POST['uname'].":".$_POST['pass']."@www.domain.com/client/".$_POST['uname']."/");

}

}

?>

The .htaccess file in the user dir would still check the username and password and thus offer pretty good protection. The downside is that the username and password visible through the addressbar, but maybe i can think of a nice workaround.

What do you think?

This might come in handy as well:
http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/108479

[edited by: jdMorgan at 10:37 pm (utc) on Nov. 25, 2003]

BillyGoat

5:22 pm on Dec 2, 2003 (gmt 0)

Inactive Member
Account Expired

 
 


Hi there,
New here too. What would the code in the .htaccess file have to be in order to do the first part of the above:

- Client hits a DIR with .htaccess which asks for Username/Password
- Based on Username/Password, client is sent to a web page (with differing web pages for different clients)

Thanks for the help!
BillyGoat

7:46 pm on Dec 2, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


BillyGoat,

Welcome to WebmasterWorld [webmasterworld.com]!

Once you've finished with the authorization phase, you can probably redirect based on %{REMOTE_USER}

Jim