I recently purchased a software package that restricts access to one or many directories on my hosted server. The server is Unix based. The directory that is restricted contains an .htaccess file that uses Apache.
Before I modified the below code, when I tried to access a restricted HTML file, the browser would popup a login box. I removed the “AuthGroupFile /path/to/password/file from the .htaccess file, so that the login popup would stop. My goal is to login without the bowsers login popup.
I’ve pasted my .htaccess and auth.php files below.
I have an html login form that posts a username/password and it’s action points to a restricted file. The .htaccess file should call to the auth.php file and validate the login.
Then the auto_prepend function in the .htaccess file should include the correct login info so that I have access.
With the below code I’m getting Access Denied..
I would really appreciate some advice here. I’m a newbie and am most likely missing some fundamentals… And prob have syntax issues..
A part of this that I think is failing is the $authorized=False or True. I’m not sure what that is or were it fits……
Please help!!!!
********
.htaccess
***************************
AuthType Basic
AuthName "Members Area"
AuthGroupFile /dev/null/
php_value auto_prepend_file "/usr/local/zeus/web_roots/main/domain.com/auth.php"
<LIMIT GET POST PUT>
require valid-user
</LIMIT>
***************************
********
auth.php
***************************
<?php
Session_start();
function auth($username, $password)
{
$authorized = FALSE;
$crypted_pass = crypt($password);
$data = file('/usr/local/zeus/web_roots/main/domain.com/cgi-bin/pa/password_file.txt');
foreach($data as $line) {
list($user, $pass) = explode(":", $line);
if ($username == $user && $crypted_pass == $pass) {
$_SESSION = $user;
$_SESSION = $pass;
$authorized = TRUE;
//they are authorized
break;
}
}
if ($authorized == FALSE) {
echo "You can't view this page.";
exit;
}
}
?>
***************************