2

I read here how to get into an Apache password protected directroy via dircet link with the simple:

http://username:password@yoursite.com/protected_dir/

that works in FF/Chrome/Safari, and obviously not in IE7! :)

Do you know how could i get into a psw protected directory creating maybe a login form and using GET/POST to get in?

Do I need to set a session before getting in or I can simply pass to the protected directory the user and password as GET/POST parameters? (In this last case what name for parameters do I have to use?)

Thanks!

Community
  • 1
  • 1
Marco Demaio
  • 30,990
  • 33
  • 122
  • 155
  • As explained in the answers below is absolutely true that HTTP authentication has got nothing to do with GET/POST, therefor no login authentication is possible via GET/POST. Anyway for whoever could be interested it's possible also in PHP to get a file behind a password protecetd folder by simply doing in this way: file_get_contents("http://user:pass@domain/protected_dir/file") – Marco Demaio Jun 21 '10 at 18:39

1 Answers1

5

What you're referring to is HTTP authentication, and is not handled with URL parameters or POST data.

A HTTP client must handle it directly.

Now, if you have no control over the password protected directory, there's nothing you can do.
If, however, you do have control and want to provide an HTML login form, you must change the method of authentication and, instead of relying on HTTP authentication, do it via URL parameters or POST data. You can do that not using a different authentication type module for a Apache (necessarily a third-party one, because Apache only supports HTTP Basic and Digest authentication), or, more realistically, doing the authentication with PHP and managing a session.

Artefacto
  • 90,634
  • 15
  • 187
  • 215
  • thanks for the fast reply. Actually it is handled with URL paramaters cause the URL i posted in my question works on all browsers except IE. – Marco Demaio Jun 18 '10 at 19:24
  • @Marco Demaio By url parameters I mean the query string. – Artefacto Jun 18 '10 at 19:41
  • oh ok, sorry, so basically you are saying there is no way. I know how to do it using PHP sessions, but you are saying there is no way to do query GET/POST authentication over HTTP authentication, aren't you? Just to know if I understood! Thanks! – Marco Demaio Jun 18 '10 at 20:26
  • 1
    HTTP authentication works at a different level than GET/POST parameters, and is handled differently by the browser. – Ignacio Vazquez-Abrams Jun 18 '10 at 20:33