http auth woes
i've been trying to configure authentication for a particular tool on a website i've been building
i've tried php http authorization and .htaccess/.htpasswd files, neither seem to work Code:
<?php [code] then i created a .htaccess file for the directory AuthUserFile /home/user874-****/.htpasswd AuthUserFile /dev/null AuthName "Protected Area" AuthType Basic require valid-user [code] .htpasswd Code:
worker:gSs4***JFQH5Q vhost file Code:
VirtualHost *:80> http://img255.imageshack.us/img255/3420/phpinfo.jpg if you require anything else please let me know |
I cannot tell about the php code, but in .htaccess you should remove "AuthUserFile /dev/null". You have already defined AuthUserfile in the line above this one and besides, this directive cancels the usage of the .htpasswd.
Also when you use "/home/user874-****", I guess you don't have asterisks in the directory name. Make sure also that the apache user can read /home/user874-****/.htpasswd Regards |
Quote:
tried chown www-data:www-data .htpasswd as well, still nothing Code:
-rw-r--r-- 1 www-data www-data 21 2011-01-03 14:52 .htpasswd |
Did you close your browser and reopen it, so it starts a new session?
Also check if there is something logged in apache error_log. |
not consistantly but i occasionally got
Code:
[Mon Jan 03 14:54:05 2011] [error] [client 192.168.0.19] access to /vehicle_fixer/ failed, reason: verification of user id '<null>' not configured |
Hi,
This error comes from the php authorization page. What happens when trying to authenticate with the .htaccess way? Did you try to start a new browser session and see what you get? |
yes and it does nothing but reject everything even the supposedly correct user/password but puts nothing in the error log, even while watching the log with tail -f error.log
|
If you are using SELinux, you might need to tell SELinux that it is OK for Apache to access that file with:
chcon --type=http_sys_content_t /home/user874-****/.htpasswd |
In the PHP manual http://www.php.net/manual/en/reserve...les.server.php, it says the variable is $_SERVER['AUTH_TYPE'] not $_SERVER['PHP_AUTH_TYPE'].
|
stll nothing
|
Looking at http://php.net/manual/en/features.http-auth.php, it seems to give conflicting information. It appears to say that PHP_AUTH_USER might not be set in all cases, but that REMOTE_USER might...
Also, the example in the manual doesn't use AUTH_TYPE. I could guess that it isn't reliable. Rhetorical question: Why use HTTP authentication? Why not, if they aren't logged in, display a login page instead of the requested page. Or, save the requested URL and redirect them to a login page? Then, once they are logged in, give them the page they originally requested. |
it's a php script i wrote and i'm not that good at writing user login programs for php, that and i want to be able to put other non php content in that folder as well such as .inc files which are not parsed by php but have the password to the database
interestingly enough, this works Code:
Order Deny,Allow but a .htpasswd file does not |
So, you really want to use basic http authentication and get the username passed to your scripts?
Do you have AllowOverride AuthConfig in your apache config file? Without that, it will completely ignore the Auth options in your .htaccess file. If you have access to the server config file, you could just put the Auth options there. -- Ha. too many things going on. I forgot that you posted the relevant section... and you do... |
you mean like this?
Code:
VirtualHost *:80> |
Hi,
Your apache config is ok. The fact that you're presented the popup dialog to enter username/password means that .htaccess works, so the problem is somewhere else. The strange thing is that there are no logs about entering invalid credentials. So, I've just look over the whole thread and noticed the attached phpinfo() image, where I saw that you're using squid proxy to access apache. Can you bypass squid and see if auth works. Or try to access the protected dir from the server itself (using localhost). Regards |
All times are GMT -5. The time now is 12:45 PM. |