Login and htaccess

jacobb20 has asked for the wisdom of the Perl Monks concerning the following question:

Does anybody know if you can use perl to pass the username and password to apache to satisfy htaccess without the browser prompting for it?

The reason I need to do this is because the site I'm working on was set up with no htaccess file for the root. Then there are large numbers of directories off the root (domain.com/directory1/) that uses htaccess to protect them. The clients need to remember the domain.com/direcory1/ address to access their information and supply the user/password for htacess. The company would like to create a universal login at the root, where the client would supply a username and password in a html form. They would be authenticated (not using htaccess) and redirected to their correct directory. However, once redirected they would be prompted again for their username and password by htacess. Is there a way around this besides deleting/modifying the htacess files?

Thanks, Jake

Comment on Login and htaccess

Replies are listed 'Best First'.
Re: Login and htaccess by ikegami (Patriarch) on Apr 25, 2006 at 20:54 UTC
Have you tried redirecting to `http://userid:passwd@www.example.com/dir/file.html` [download] I'm not sure if that still works.	[reply] [d/l]
Re^2: Login and htaccess by jacobb20 (Novice) on Apr 25, 2006 at 21:17 UTC
Just tried it...didn't seem to work. Get a Page cannot be displayed	[reply]
Re^3: Login and htaccess by ikegami (Patriarch) on Apr 25, 2006 at 21:24 UTC
Must you use Basic authentication? The standard alternative is to create a session in the first page and return the session id to the client (via cookies, url param or hidden form fields). Scripts in the protected directory must check if the session id is valid. If you're trying to protect static files, you'll need a custom mod_perl auth/autz handler or similar. I think CGI::Session is the module normally used for this.	[reply]
Re^2: Login and htaccess by monarch (Priest) on Apr 26, 2006 at 05:26 UTC
You should know that, in this article, Microsoft explain that they have deliberately withdrawn support for this URL syntax from their Internet Explorer browsers. Personally I am baffled as to why Microsoft made this decision as support for it does not make any site more or less secure.	[reply]
Re^3: Login and htaccess by ikegami (Patriarch) on Apr 26, 2006 at 07:01 UTC
It's use for protection against spoofing. People would email URLs such as `http://www.ebay.com@3478348818/verify.cgi?id=827439327432` in phishing emails. It looks like some URL at `www.ebay.com`, but it really contacted `209.197.123.153`. These URLs could fool even the trained eye, if it wasn't too careful. It seems they also prevent http://3478348818/ and other uncommon forms from working now. – Keep in mind that `3478348818 == ((209255+197)255+123)*255+153`.	[reply] [d/l] [select]
Re^4: Login and htaccess by monarch (Priest) on Apr 26, 2006 at 23:48 UTC
Re^5: Login and htaccess by ikegami (Patriarch) on Apr 27, 2006 at 00:32 UTC
Re: Login and htaccess by ioannis (Abbot) on Apr 26, 2006 at 03:04 UTC
The LWP::UserAgent module will follow up to 7 redirects (by default) and you could set it for Basic Authendication with $ua->credentials .	[reply]
Re^2: Login and htaccess by monarch (Priest) on Apr 26, 2006 at 05:33 UTC
.. or alternatively this node details how to subclass LWP::UserAgent to provide the Basic Authentication details..	[reply]

Back to Seekers of Perl Wisdom