On Fri, 6 Jun 2003 11:36:51 +0100, [EMAIL PROTECTED]
wrote:
>How can I get that to talk to $PHP_AUTH_USER?
I'm not sure this is exactly what you want (actually, I'm pretty sure
this is coming at it from the opposite end), but here is a way I used
it for a very simple / low security situation.
I set up the index.php to check for $_SERVER["PHP_AUTH_USER"]
(actually, I started out just using $PHP_AUTH_USER with RegisterGlobals
on, but I figured out that it could be inserted via the get method and
totally defeat my "security") where I wanted to add links that only
administrators have access to. I also check for it at the top of the
admin only modules. This way a normal user might see a list of items
with "Details" buttons next to them, but admins would see those buttons
and "Edit" buttons. Edit would also check to see if the variable was
set.
At the bottom of the main page I have a link to login.php. This is
simply a redirect back the index.php but I have that file listed in the
.htaccess file as password protected. Once the login.php file has been
password checked, all of the programs from that directory down inherit
the $_SERVER["PHP_AUTH_USER"] value.
Here is the .htaccess file I used:
<Files login.php>
AuthType Basic
AuthUserFile /www/sbudir/.htpasswd
AuthName MyAuthName
Require valid-user
</Files>
Here is the login.php file....
<?PHP
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the
past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); //
HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
header("Location: http://www.mydomain.com/subdir/";);
?>
And in my index.php I have lines similar to the following:
<a href="show.php">Details</a>
<?PHP
if( isset( $_SERVER["PHP_AUTH_USER"] ) ) {
echo " <a href=\"edit.php\">Edit</a>";
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
