I now this is a little bit off topic.
But since SVN seems to be the only solution which has this feature, i hope for
any insight from you.
SVN features a mixed authentication/anonymous access (see
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir.ex-3).
I want to achieve the same functionality using a PHP script: allow anonymous
access until accessing some special content and than request
authentification which should be checked according to a htaccess-file.
As far as i understand the SVN example the authentification is performed by
the Apache modules.
The svnbook section you refer to above isn't *wrong*, but it certainly could
be misleading in terms of what is and isn't supported. (Which is why I
wrote the "workaround" blog post to which you were pointed by my peer here.)
For a better chance at getting a direct response with information you can
immediately apply, I would suggest consulting another PHP-centric community
for how they do this. (The Drupal community comes to mind.)
I asked the same question on the PHP and Apache mailing list some months ago -
without any success.
The auth-stuff should NOT be implemented in PHP but being handled by the Apache.
The PHP script should only decide when anonymous access is not sufficient (e.g.
by sending a WWW-Authenticate header).
Therefore i doubt that consulting other PHP projects would be helpful...
The key question for me is how SVN triggers the "escalation" from anonymous
usage to authentification.
Are the two following scenarios correctly described?
Anonymous access:
A1: Anonymous user requests SVN
A2: Apache asks authz-provider and it allows anonymous access
A3: SVN delivers the requested content
Escalation from anonymous to authentificated access:
B1: Anonymous user requests restricted stuff from SVN
B2: Apache asks authz-provider and it blocks anonymous access
B3: According to "satisfy any" and the not-working anonymous access (and
missing credentials) Apache sends WWW-Authenticate header to authenticate user
B4: User enters username and passwort to browser dialog and requests restricted
stuff from SVN again (this time with credentials)
B5: Apache asks authz-provider and it blocks anonymous access
B6: According to "satisfy any" and the not-working anonymous access Apache
passes the credentials to authz, with the provided credential the user is authentificated
and passed
B3: SVN delivers the requested content
The request to escalate from anonymous access in step B3 is initiated from SVN,
but still the Apache does the authentification.
Any details how this is performed might help to understand, if it is possible
to trigger this from e.g. a PHP script.
Is this only possible to due the implementation as an authz-module?
Dirk
