httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Deeley <>
Subject Re: [users@httpd] HTTP AUTH
Date Tue, 27 Dec 2005 13:21:40 GMT

Theres no way of passing info from a form to set the variables 'HTTP_AUTH_USER'
ad HTTP_AUTH_USER but I have found a way around it but never put it into
practice yet.
You can still use your existing form to login and create a session variable
as their user name eg $_SESSION['username'] = 'user1'

Then, lets say you have a folder which you want to
restrict access to 'user1' only, in the folder user1, create a .htaccess
file with the following info

AddHandler verifyuser .gif
AddHandler verify .jpg
// add extra lines for other file types etc
Action verify /login/verify.user1.php
//this is relative to the root of your website ie

Then each time the user accesses a .jpg, .gif file etc, it will first go
through the verify.user1.php script.
verify.user1.php needs to be written as follows

if ($_SESSION['username'] == "user1"){
echo 'invalid username'


Basically this will display the original file they were trying to access if
there username is user1 otherwise it will display the message *invalid

For other user folders eg , you will have to again
add a htaccess file in the folder and use the *add handler *as above to link
to a script like verify.user2.php

Hope this helps

Regards, Chris.

View raw message