User Authentication With Apache And PHP - Logging In (
Page 5 of 11 )
The alternative approach
involves bypassing Apache's HTTP authentication altogether, relying instead on
custom programming to perform access control and session management. This allows
you to customize both the user interface presented for login, and also the data
source used for credential verification.
You can write code for this in
any language; I'll be using PHP, since it comes with built-in session management
support, which will make things easier.
Let's assume the following
directory structure:
/usr/local/apache/htdocs/
index.php
login.php
error.php
inner.sanctum.php
Let's also assume that the file I need to protect is
"inner.sanctum.php"
First up, I need to define my custom login form.
Here's what I came up with:
<?
// index.php - login form
?>
<html>
<head>
<basefont face="Verdana">
</head>
<body>
<center>
<table border="0" cellspacing="5" cellpadding="5">
<form action="login.php" method="POST">
<tr>
<td>Username</td>
<td><input type="text" size="10" name="f_user"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" size="10" name="f_pass"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit"
name="submit" value="Log In"></td> </tr> </form> </table> </center>
</body>
</html>
Here's what it looks like:
Once the user submits this form, the username and
password entered will be stored in the form variables $f_user and $f_pass
respectively. These variables can be accessed by the PHP-based form processor,
coming up on the next page.
/ 57 
