PHP
  Home arrow PHP arrow Page 2 - User Authentication With Apache And PH...
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Moblin 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

User Authentication With Apache And PHP
By: The Disenchanted Developer, (c) Melonfire
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 53
    2002-03-13

    Table of Contents:
  • User Authentication With Apache And PHP
  • Back To Basics
  • The Right Creds
  • Hidden Costs
  • Logging In
  • Rank And File
  • Heavy Iron
  • Sock It To Me, Baby!
  • Time To Live
  • A Stitch In Time
  • Closing Time

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT


    User Authentication With Apache And PHP - Back To Basics


    (Page 2 of 11 )

    Now, there are a couple of different ways to go about adding this type of security to your application. The first (and most primitive, though also the simplest) is to simply have your Web server handle authentication for you. If you're using the Apache Web server (you probably are), you can access the server's authentication features to add basic security to your Web site.

    In order to illustrate how this works, let's consider a simple example. Let's assume the existence of the following directory structure:

    /usr/local/apache/htdocs/ index.html alpha.html beta.html admin/ index.cgi
    Now, let's suppose that I want to protect the directory "admin". It's fairly simple to do with HTTP authentication.

    The first step is to ensure that your Apache build includes support for the "mod_auth" module. You can check this by executing the Apache binary with the "-l" command-line option.

    $ /usr/local/apache/bin/httpd -l Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_access.c mod_auth.c mod_setenvif.c mod_php4.c
    If you don't see "mod_auth" in the list, you'll need to recompile Apache with support for that module.

    Next, check Apache's configuration file, "httpd.conf", and ensure that the option

    AllowOverride All
    is present in the section for the server document root. This allows you to override global server settings via per-directory ".htaccess" control files.

    Next, create a file named ".htaccess" in the "admin" directory, and put the following lines into it:

    AuthType Basic AuthUserFile /usr/local/apache/users AuthName "Administration Module" Require valid-user
    This tells the server that access to the "admin" directory (the directory in which the ".htaccess" file is located) is to be controlled, and access is to be granted to users based on the username/password information in the file "/usr/local/apache/users"

    The final step is to create the "users" file. Change to the "/usr/local/apache" directory (or whichever directory you've decided to store the user data in) and use the "htpasswd" command:

    $ htpasswd -c users john New password: **** Re-type new password: **** Adding password for user john
    You can add more users to this file if you like (remember to omit the "-c" parameter for all subsequent additions, as that parameter creates a brand-new, empty file).

    Remember *not* to store the "users" file in a directory under the server document root, or else malicious users will be able to view and download the password database through a browser.

    Now, attempt to access the "admin" directory via your Web browser. The browser should pop up a dialog box and prompt you for a username and password. Access to the "admin" directory will be granted only if you enter a correct username and password, as defined in the "users" file.

    More PHP Articles
    More By The Disenchanted Developer, (c) Melonfire


     

       

    PHP ARTICLES

    - Sub Classing Exceptions in PHP 5
    - Authentication for Web Application Security
    - Building a Content Management System with Co...
    - Filters and Login Systems for Web Applicatio...
    - Working with the Email Class in Code Igniter
    - Building Your Own System Tray Application Us...
    - Structuring Your Projects for Web Applicatio...
    - Inserting, Updating and Deleting Database Ro...
    - Building Your Own Desktop Notepad Applicatio...
    - Web Application Security Overview
    - Working with the Active Record Class in Code...
    - Generate PDF Documents with PHP on the Windo...
    - Sending Email with PHP Networking
    - Performing Strict Validation with the Code I...
    - The preg_replace_callback() function in PHP





    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway
    Stay green...Green IT