hi,
i have a htaccess protected dir, how can i use a form for members to login instead of the htaccess popup box?

I'm not sure if this will work, but maybe this will start up a nice discussion.

First: A way to bypass the htaccess popup box is entering the login and password like: http://loginname:password@www.domain.com/password_proteced_dir/

So by making a form, that will reformat the entered data into something like above you could (theory) redirect the user to a htaccess protected dir.

Extra: If you redirect your users to a something location: /protected_dir/enter.cgi. You could have that script read out the username with $ENV{'REMOTE_USER'}. On this way you can offer custom pages to logged in users.

Funny....I was just about to do the same thing and yes, your way is the way I was going to do it....quick example.....

#!/usr/bin/perl

use CGI qw(:standard);

$q = new CGI;
$action = $q->param('action');

if ($action eq "login") {
&login();
}
else {
&main();
}

sub main {

print header;

print qq|
<form action="script.cgi" method="POST">
<input type="hidden" name="action" value="login">
Username: <input type="text" name="username">

Password: <input type="password" name="password">

<input type="submit" value="Login">
</form>

|;

}


sub login {

$username = $q->param('username');
$password = $q->param('password');

push(@errors, "Please enter a username.") if ($username =~ /^\s*$/);
push(@errors, "Please enter a password.") if ($password =~ /^\s*$/);
push(@errors, "Invalid characters in username.") unless ($username =~ /^\w+$/);
push(@errors, "Invalid characters in password.") unless ($password =~ /^\w+$/);

if ($#errors > -1) {
foreach (@errors) {
$warning .= "<li>$_";
}
&error($warning);
}

my $protected = "http://$username:$password@www.mydomain.com/";
print "Location: $protected\n\n";

}


sub error {

my ($warning) = shift;

print header;

print $warning;

exit();

}


Yes it's not beautiful but it does the trick. I typed it quickly so if it gives any errors then sorry - I probably missed a ; or " or something.


Paul
Installations:http://wiredon.net/gt/
Support: http://wiredon.net/forum/

Alright, does anyone know how to automatically go to that form way of logging in instead of getting the 'pop-up' asking for name & password?

Corey Breitfelder
cbreits23@home.com

www.xpiso.com
personal online solutions

Just make sure the form isn't under the password protected area...

- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/

hey when i ran the script provided above, error: Substitution pattern not terminated atline 40 and i recieved an internal server error

The problem is the regexp used to check validity of input. Change all occurances of 's/^' to '/^'.

--Drew
Free, hot camel soup for Links hackers...
http://www.camelsoup.com

hey thx junko for the help, and also do anyone of you know how to implement cookies and templates into this script, or is it possible here?

Yeah sorry I realised that after posting but forgot to point it out.

Paul
Installations:http://wiredon.net/gt/
Support: http://wiredon.net/forum/

hey i really need to be able to include this login script into my php script, somebody plz help!

You would need to add:

use CGI::Cookie;
%cookies = fetch CGI::Cookie;

...and then set a cookie like...

if (!$cookies{'Username'} && !$cookies{'Password'}) {
reverse $username;
$usrname = new CGI::Cookie(-name=>'Username',-value=>$username);
reverse $password;
$passwrd = new CGI::Cookie(-name=>'Password',-value=>$password);
print header(-cookie=>[$usrname,$passwrd]);
}


Now, this isn't going to be very secure because the username/password has to be entered into the password prompt as plaintext so that is how it has to be stored in the cookie, becuase in order to fetch the cookie and bypass the popup prompt, the data has to be un-encrypted or it won't work. But anyway.....fetch the cookie....

if ($cookies{'Username'} && $cookies{'Password'}) {
$c1 = $cookies{'Username'};
reverse $c1;
$c2 = $cookies{'Password'};
reverse $c2;

print "Location: http://$c1:$c2@www.domain.com/secure/\n\n";
}
else {
print "Location: http://$username:$pass@www.domain.com/secure/\n\n";
}


I've reversed the username/pass to make it about 5% more secure seeing as we aren't encrypting the cookies


Anyway it goes something like that..hehe...I haven't tried it nor do I expect it to work but I am just throwing some ideas your way hoping they will be helpful enough for you to tweak it.


Paul
Installations:http://wiredon.net/gt/
Support: http://wiredon.net/forum/

can u tell me how i can include this form into my php script?

Nope sorry - I rarely use php so don't know a great deal about it.

It will be the same except you will need to obviously use php syntax rather than perl/cgi

Paul
Installations:http://wiredon.net/gt/
Support: http://wiredon.net/forum/

i'm not usre what's wrong i have this script setup right, but evertime when i fill in the username and pass form, then press submit, the popup box appear asking for pass, and when i cancel the popup box, i'm at authorization error page, but however what's very rare is at this page, i saw the right login url at address location and if i refresh this page, i'm login into htaccess page
http://myusername:passitypein@members.what.com/

Sorry, please delete or ignore this duplicate posting.

DelPierro
http://www.simball.de/links_mods/

In a german forum I found following Javascript solution:

But I never tested it for myself. Hope that work's.

DelPierro
http://www.simball.de/links_mods/