I recently purchased a software package that restricts access to one or many directories on my hosted server. The server is Unix based. The directory that is restricted contains an .htaccess file that uses Apache.
Before I modified the below code, when I tried to access a restricted HTML file, the browser would popup a login box. I removed the “AuthGroupFile /path/to/password/file from the .htaccess file, so that the login popup would stop. My goal is to login without the bowsers login popup.
I’ve pasted my .htaccess and auth.php files below.
I have an html login form that posts a username/password and it’s action points to a restricted file. The .htaccess file should call to the auth.php file and validate the login.
Then the auto_prepend function in the .htaccess file should include the correct login info so that I have access.
With the below code I’m getting Access Denied..
I would really appreciate some advice here. I’m a newbie and am most likely missing some fundamentals… And prob have syntax issues..
A part of this that I think is failing is the $authorized=False or True. I’m not sure what that is or were it fits……
Please help!!!!

********
.htaccess
***************************
AuthType Basic
AuthName "Members Area"
AuthGroupFile /dev/null/
php_value auto_prepend_file "/usr/local/zeus/web_roots/main/domain.com/auth.php"

<LIMIT GET POST PUT>
require valid-user
</LIMIT>
***************************

********
auth.php
***************************
<?php
Session_start();
function auth($username, $password)
{
$authorized = FALSE;
$crypted_pass = crypt($password);
$data = file('/usr/local/zeus/web_roots/main/domain.com/cgi-bin/pa/password_file.txt');
foreach($data as $line) {
list($user, $pass) = explode(":", $line);
if ($username == $user && $crypted_pass == $pass) {
$_SESSION = $user;
$_SESSION = $pass;
$authorized = TRUE;
//they are authorized
break;
}
}

if ($authorized == FALSE) {
echo "You can't view this page.";
exit;
}
}
?>
***************************

Do you mean that the script pop ups everytime even when you are logged in? that is what you whant to remove?

The way it was working was that when I was accessing the resticted file, the browser would pop up a username / password box and when I entered a proper username / password, it gave me access. My goal is to not see this popup and instead login through my home page.
Once I logged in through the browsers popup box, I stayed in.

Do you mean that the script pop ups everytime even when you are logged in? that is what you whant to remove?

This article has been dead for over six months. Start a new discussion instead.