roberts
Posts: 3
|
| Posted: 07/01/2010, 1:17 PM |
|
Integration issues
I have a web project that has several aspects CCS portal, password protect content, forums etc.
www.foo.com/
../phpBB3/
../protectedContent/
../CCSProject/
../site_root
The entry point for any of the password protected content is the CCS portal.
Once logged into the CCS site, the users can access links to the forums (phpBB3) and password protected area of files etc.
I have decided to use an htaccess file to protect the forums and the user area.
I have a process that manages the .htaccess file based on CCS user table and that works flawlessly.
After CCS authenticates a username and password set, I believe I need to set some HTTP Basic authentication parameters so the client doesn’t have to login twice once accessing protected content not managed by CCS.
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
How/where can I set these params to avoid prompting username password popups in other sections of the site?
The log out page will need to do the same thing with except set the values to know bad values so when they access the resources they will be prompted to login again.
Reference
http://www.php.net/manual/en/features.http-auth.php
_________________
Never be afraid to die, unless you have not done something for humanity. |
 |
 |
magus
Posts: 98
|
| Posted: 07/02/2010, 6:02 AM |
|
Hello Robert S,
I don't think it is possible to set apache http auth server-side because the browser stores the http auth username and password and sends them along with each page request.
I think you would have to push the user through the apache http auth popup to achieve what you are after.
Another way to achieve file level security is by a sending all download requests through a php script.
KFM (http://kfm.verens.com/) is free, has this facility and can hook into your authentication model.
Unless you are streaming video, or performance could be an issue, I'd suggest you try this.
Regards,
Don A
|
|
|
|
magus
Posts: 98
|
| Posted: 07/02/2010, 6:49 AM |
|
Hi again,
Not sure if this will help, but there appears to be an apache module that handles apache authentication via a cookie which can be integrated with php. This might be what you are looking for?
http://authmemcookie.sourceforge.net/
Regards,
Don A
|
|
|
|
mamboBROWN
Posts: 1713
|
| Posted: 08/15/2010, 8:15 AM |
|
roberts,
Has this issue been resolved??
|
|
|
|
|
