Hello,
I am creating a login page that uses PHP to authenticate off http_referrer or basically uses my current htaccess file to authenticate.
Here is the code I am using so far. It seems to work great but there is one drawback. It pops up the same grey box for username and password.
How can I create an html form that references this php script? So that someone could place their username and password into an html form and it would execute this script without the popup?
(ps. I know I can use the session to compare my username/password to an SQL database or even flat file but I’m trying to accomplish something different)
Thanks for looking into this post. any insight is appreciated.
[code]
<?php
/**
* Authenticate a user against a password file generated by Apache’s httpasswd
* using PHP rather than Apache itself.
*
* @param string $user The submitted user name
* @param string $pass The submitted password
* @param string $pass_file=’.htpasswd’ The system path to the htpasswd file
* @param string $crypt_type=’DES’ The crypt type used to create the htpasswd file
* @return bool
*/
function http_authenticate($user,$pass,$pass_file=’.htpasswd’,$crypt_type=’DES’){
// the stuff below is just an example useage that restricts
// user names and passwords to only alpha-numeric characters.
if(!ctype_alnum($user)){
// invalid user name
return FALSE;
}
if(!ctype_alnum($pass)){
// invalid password
return FALSE;
}
// get the information from the htpasswd file
if(file_exists($pass_file) && is_readable($pass_file)){
// the password file exists, open it
if($fp=fopen($pass_file,’r’)){
while($line=fgets($fp)){
// for each line in the file remove line endings
$line=preg_replace(‘`[rn]$`’,”,$line);
list($fuser,$fpass)=explode(‘:’,$line);
if($fuser==$user){
// the submitted user name matches this line
// in the file
switch($crypt_type){
case ‘DES’:
// the salt is the first 2
// characters for DES encryption
$salt=substr($fpass,0,2);
// use the salt to encode the
// submitted password
$test_pw=crypt($pass,$salt);
break;
case ‘PLAIN’:
$test_pw=$pass;
break;
case ‘SHA’:
case ‘MD5’:
default:
// unsupported crypt type
fclose($fp);
return FALSE;
}
if($test_pw == $fpass){
// authentication success.
fclose($fp);
return TRUE;
}else{
return FALSE;
}
}
}
fclose($fp);
}else{
// could not open the password file
return FALSE;
}
}else{
return FALSE;
}
}
?>