problem redirecting to protected directory

From: Bart (phplist_at_easyaddin.nl)
Date: 12/03/03 

To: "Php-General" <php-general@lists.php.net>
Date: Wed, 3 Dec 2003 21:23:29 +0100

Hello,

Can you people help me with the following authentication-problem?

I have a directory names 'secure' that contains only html-files. Access is
only allowed for
registered website-visitors. Within the directory it isn't possible to place
php-files for
access-control so I have passwd-protected this directory with one 'username'
and 'password'.

Above this 'secure'-dir I've placed a login-form that checks a MySQL-db for
the entered login.
When a correct login is entered the visitor has to be able to access the
'secure'-dir without
knowing/seeing the 'username' and 'password' that protects the dir.

How can I redirect the visitor to this 'secure'-dir without showing the
login-popup?

I've tried to use the header-function several ways, but the popup keeps
popping!!

> header('http://username:password@www.domain.com/securedir/');
>
header('http://www.domain.com/securedir/?PHP_AUTH_USER=username&PHP_AUTH_PW=
password');
> header('http://username@www.domain.com/securedir/:password');

Strange thing is that when I use the JavaScript below the redirect works and
no popup is shown.
The only problem with JavaScript is that when it is disabled in the visitors
browser the script
isn't executed and the full url is visible when viewing the source of the
page!

>> start..JavaScript <<

  window.location="http://username:password@www.domain.com/securedir/";

>> end....JavaScript <<

How can I redirect a logged in user to the 'secure'-dir and also pass the
'username' and
'password' that give access to this dir?

I hope you can help me out with this...

Thanks in advance.
Best regards,

Bart
====

Relevant Pages

  • Re: Javascript error message using tags
    ... Don't redirect on JS Disabled, ... page;}else{redirect to you need to enable javascript page;} ... UA's that don't even support JS. ... browsers I have, but I wanted to know how the browsers out there react. ...
    (comp.lang.javascript)
  • Re: Problem with SSL
    ... When I use the fully qualified URL for the index.htm page, the redirect to ... http://www.mysite.com/secure/index.asp then the client side javascript works ... >> of the website root directory. ...
    (microsoft.public.inetserver.iis.security)
  • [UNIX] Pforum Cross-Site-Scripting Vulnerability
    ... Pforum is a www-board system using PHP and MySQL. ... is possible for a malicious user to enter a username containing JavaScript ... possible to access some other user's cookie containing the sessionid. ...
    (Securiteam)
  • Re: session value lost
    ... >into as sessionvariable (username). ... So I redirect to my search.aspx. ... >I save the recordid to the session and redirect to work.aspx. ... >new sqlstring I fetch the data from the sqlserver. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Script is disabled. Please click Submit to continue.
    ... Javascript POST redirect which is supposed to run in the "on load" event. ... This script POSTs the SAML token to the destination URL. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)