HTTPS/multiple client login same button

Forum Moderators: open

Message Too Old, No Replies

HTTPS/multiple client login same button

Khemikal

2:03 pm on Sep 1, 2004 (gmt 0)

Yea...ok...excuse my "technical" terms in the heading and I apologize if this is the incorrect area.

All of our clients have a different password and what I would like to do is put a PW protected area on our site for client FAQs, tuts, etc. Now here is the catch.

I want the clients to be able to enter their pass into your basic, everyday, averag, textbox and hit "go" and have them login into the secure area of the site without a popup screen or what have you.

Can I just use .htaccess and enter all of our clients passwords and if so, how can I specificall attach it to the "go" image?

Is there a better solution using a database and php for instance?

Thank you for your ideas,

Khem

dcrombie

3:54 pm on Sep 1, 2004 (gmt 0)

I'm yet to find a way to combine HTTP Authentication (.htaccess or similar) with an HTML form. All of our sites pop up the 'ugly grey box' that requests username and password and only 1-2% of clients have a problem with it (and those are mostly design studios ;)).

Lance

6:27 pm on Sep 1, 2004 (gmt 0)

This is easy using server-side scripting... No PopUp necessary.

Do a simple login page with a form asking for Username and Password. Have the action of the form be the same page.

In the page, use server-side code like this: (This VB-ASP, but I'm sure it could be modified for php simply enough.)


<% 
Function ValidUser(Username, Password) 
strSQL = "SELECT * FROM users WHERE username = '" & Username & "' AND password = '" & Password & "'" 
Set rs = Server.CreateObject("ADODB.Recordset") 
rs.Open strSQL, DBConn 
If NOT rs.EOF Then ValidUser = True Else ValidUser = False 
rs.Close 
Set rs = Nothing 
End Function If Request.Form("Username") <> "" Then 
 Username = Request.Form("Username") 
 Password = Request.Form("Password") 
 If ValidUser(Username, Password) Then 
 Session("LoggedIn") = True 
 Response.Redirect [The Secure Area of Your Site] 
 Else 
 Session("LoggedIn") = False 
 End IF 
End If 
%>

Khemikal

6:43 pm on Sep 1, 2004 (gmt 0)

Lance,

Thanks for the info.

Khem

dcrombie

9:57 am on Sep 2, 2004 (gmt 0)

That's not what I was talking about. Using sessions is effectively the same as using a cookie. HTTP Authentication is a different creature altogether.

bcc1234

11:09 am on Sep 2, 2004 (gmt 0)

Use a server-side redirect. Take id and pass parameters and redirect the visitor to

[id:pass@mydomain.com...]

Where id and pass are what the visitor enters on your form.

dcrombie

11:38 am on Sep 2, 2004 (gmt 0)

Nice. But does it still work in IE after the latest patches? I thought they were going to disable that option to prevent phishing exploits.

bcc1234

11:48 am on Sep 2, 2004 (gmt 0)

I don't know. Try it. You need it, not me...

dcrombie

12:06 pm on Sep 2, 2004 (gmt 0)

It's not me that needs it. And I don't have access to Windows here for testing.
I was just curious whether the solution you put forward actually works.

Lance

1:23 pm on Sep 2, 2004 (gmt 0)

IE disabled id:pass@ several patches ago. It drove me nuts for a while trying to figure out why that quit working. IIRC, there is a reg setting to turn it back on, but it's probably unreasonable to ask all your users to do that.