Forum Moderators: coopster
I have a password protected area which pops up the browsers own authentication login when access. This works fine but I'd like to create a php login form so that I can use a 'remember me' type of function via cookies.
Is this possible?
All the free php login scripts I have seen assume a mysql database which is searched when logging. What I am looking for is to login to a php script, read the .htpasswd file and then indicate to apache that the login is successful or not.
Can this be done?
the vars you need to look at are in the $_SERVER superglobal array
PHP_AUTH_USER
PHP_AUTH_PASS
PHP_AUTH_USER is set when a user has authenticated via the browsers popup grey box.
What I'm trying to do is to tell apache "hey, user is cool. Authenticate him".
login.php
---------
show a html login box
take username and password
scan .htpasswd file for a match
if succesful inform apache that user is authenticated.
The reason for doing this is to make a two step security login method with added flexibilty.
The problem with .htacces is that it is that you can't let the user have extra control panel kind of stuff.
The problem with a pure PHP / mysql login system is that directories are not protected and that you have to move them out of the public tree.
