cancel
Showing results for 
Search instead for 
Did you mean: 

.htaccess Login prompt - How do I get the users name

SoulBriski
Grafter
Posts: 179
Registered: ‎15-06-2007

.htaccess Login prompt - How do I get the users name

One of the features of my PHP site is that a limited number of people logon with secure user names and passwords using the .htaccess and .htpasswd files in order that they can write news articles.
How do I get the name of the user that has just logged on so that my PHP news article page can display 14 April 2008 ~ A News Story ~ written by <username>
I've tried the obvious $_SERVER variables but I cannot get the user name to display.
http://www.jnmbc.co.uk/tameside will give you an example of the news articles that have been written (minus the author's name)
12 REPLIES 12
ChrissyD
Dabbler
Posts: 13
Registered: ‎06-08-2007

Re: .htaccess Login prompt - How do I get the users name

Hi,  I can`t help with your question myself, but it may be worth trying 'phpfreaks.com',  i`ve had some help from the forum members there myself. 
Peter_Vaughan
Community Veteran
Posts: 14,469
Registered: ‎30-07-2007

Re: .htaccess Login prompt - How do I get the users name

$_SERVER['PHP_AUTH_USER'] should contain the username they logged in with.
SoulBriski
Grafter
Posts: 179
Registered: ‎15-06-2007

Re: .htaccess Login prompt - How do I get the users name

Thanks Peter
I've tried that one, it was one of the most obvious of the $_SERVER variables but alas, no joy!
A simple test that i tried was
<?php
$usr = $_SERVER['PHP_AUTH_USER'];
echo = "Hello $usr";
?>
The layout is as follows:-
The main part of the website is available for free vieweing by the entire world. Lets say a user clicked on the 'Admin' link. He would be directed to 'admin/protected/index.php'
Inside a folder called 'admin' there is the .htpasswd and .htaccess and a sub folder called 'protected'
All my user sensitive files and folders live in the 'protected' folder. (It's done this way because php files are not protected by the .ht* files.)
That means, everything from 'protected' downwards can only be viewed once the user has logged on.
When the user that just logged on arrives at index.php, he would be greeted with 'Hello Peter' and when he writes a news article, it would be displayed with him as the author.
ChrissyD. Thanks also for your response. I had tried PHPFreaks but again, they say the same as Peter and the $_SERVER variables.
http://www.php.net is a great source for PHP functions by the way
jelv
Community Veteran
Posts: 26,786
Thanks: 990
Fixes: 10
Registered: ‎10-04-2007

Re: .htaccess Login prompt - How do I get the users name

Searching on php.net reveals that this function has been broken on several versions of php. I wonder if it's broken on the version currently on ccgi? It looks as if it worked from 5.0.1.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
SoulBriski
Grafter
Posts: 179
Registered: ‎15-06-2007

Re: .htaccess Login prompt - How do I get the users name

Good point Jelv
Peter, Can you confirm if this could be the case?
Peter_Vaughan
Community Veteran
Posts: 14,469
Registered: ‎30-07-2007

Re: .htaccess Login prompt - How do I get the users name

Can't get it to work and I believe its because accessing any php file bypasses the .htaccess file so no login is offered and thus no PHP_AUTH_USER is set.
The way I managed to get it working was via a frame redirect on my homepages server. The .htaccess/.htpasswd files and login occurred on my www webspace and the framed .php file from the ccgi server had the PHP_AUTH_USER value set correctly. I doubt that is an option for you though.
Prod_Man
Grafter
Posts: 286
Registered: ‎04-08-2007

Re: .htaccess Login prompt - How do I get the users name

Or...
you could just do what everyone else does, (as most Content Management Systems work)
and have a MySQL Database with a User Table and make it all Dynamic so that calling information is easier.
Then have a separate Table which contains the News Items, and create admin pages to manipulate that.
It would als obe possible then for any other aspects of your webite if you created a table for permissions or even bundled that in the User table and make a means of working around that.
You can "Protect" PHP Files from being executed directly on requests,
it's just you haven't figured it out yet. Wink
I can provide a solution to that one just it depends on which method you have your heart set.
If you really want to use .htpasswd / .htaccess alot - by no means am I a judge of correct methodology.
Jim,
SoulBriski
Grafter
Posts: 179
Registered: ‎15-06-2007

Re: .htaccess Login prompt - How do I get the users name

Thanks for your response to this guys.
Peter: You are right, the framed option isn't really one i fancy but thanks for confirming that the PHP_AUTH_USER value does not get set and thats why I cant read it.
Prod_Man: I did consider the users database table as an option and I don't particularly have my heart set on the .htaccess method but i do like it and beleive it to be quite secure.
I have previously written an asp web application with MS Access as a data source and for that i used a users table in the database and that was okay but I found the .htaccess method more suitable for my current project.
I may switch over to the table method though because of the problems detailed in this thread.
I am interested to hear the one about protecting PHP files. My PHP files are protected because they are in a folder that is protected by .htaccess/.htpasswd or have I missed something?
Please let me know on this one Smiley
Thanks
SoulBriski
Grafter
Posts: 179
Registered: ‎15-06-2007

Re: .htaccess Login prompt - How do I get the users name

I have to plead ignorance here PJ, what is Wordpress?
jelv
Community Veteran
Posts: 26,786
Thanks: 990
Fixes: 10
Registered: ‎10-04-2007

Re: .htaccess Login prompt - How do I get the users name

Go to the home page of this site (not the forum home).
Scroll down to the very bottom - there you will find a link.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
SoulBriski
Grafter
Posts: 179
Registered: ‎15-06-2007

Re: .htaccess Login prompt - How do I get the users name

Thanks for this jelv
It looks like a very good bit of kit. Maybe a bit big for my current needs but it's made me think about expanding on what i've got and including a blog.
I have downloaded it and if i don't use it on my current project, i suspect it will form a big part of my next project.
Thanks again
Prod_Man
Grafter
Posts: 286
Registered: ‎04-08-2007

Re: .htaccess Login prompt - How do I get the users name

Yes,
your PHP files are (or at least should be, as I don't know of any exploits off hand)
Protected with reguards to .htaccess being processed by the Webserver. xD
Good to know you have knowledge of Server Side Scripting with ASP and Database stuff SQL already down. Smiley
I meant more protecting PHP execution, just with in it's own execution as scripts, it's not too hard.
It also comes with preventing SQL injection fairly effectively, this is especially with longin pages and it all works within PHP functionality.
It's alittle complicated to put in one Post but I can show the Method I've used if you PM me,
I can supply basic framework of Source for you to have a butchers.
As far as I know, this method hasn't been documented or used anywhere,
it certainly seems to protect against any SQL Injection i've tried,
and I should hope any random chances of crosssite scripting or code injection.
yes login may become slower with larger tables but I think it will save in the long run on Security.
Jim,