Home/ Questions/Q 4040178
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T12:43:08+00:00

Good day everyone, I have a directory set up with some Apache Auth stuff.

  • 0

Good day everyone,

I have a directory set up with some Apache Auth stuff. Here is the directory:
http://gojalapeno.com/intranet/content/ado-jeune

Use ado-jeune:tezesyrab to login.

Here is the code for the .htaccess that powers it:

AuthName "Connexion au dossier:"
AuthType Basic
AuthUserFile "D:\Dropbox\htaccess\secret\.htpasswd"
Require valid-user

Now the login form for that directory is generated by the browser, but I wish to use my own HTML form for this. How can I do it? I’ve tried using cURL with PHP:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://gojalapeno.com/intranet/content/ado-jeune');
curl_setopt($ch, CURLOPT_USERPWD, 'ado-jeune:tezesyrab');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_exec($ch);
curl_close($ch);

That authenticates fine, but the problem with that is that it doesn’t redirect to the page (despite the CURLOPT_FOLLOWLOCATION), it merely “includes” it in the current file. As such, all my relative links are broken.

So what I’m looking for is a way to use my own HTML form to authenticate to an Apache Basic Auth directory, and to redirect to that directory after.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Unfortunately, what you’re describing is going to be difficult to implement due to the way that AuthBasic works. From Apache’s documentation:

    Because of the way that Basic authentication is specified, your username and password must be verified every time you request a document from the server. This is even if you’re reloading the same page, and for every image on the page (if they come from a protected directory).

    Browsers handle sending the user’s credentials automatically for each subsequent request after the user enters them in.

    But in your case, the browser itself is not connecting to the protected directory, but rather cURL is. One solution would be to have cURL process all requests to that protected directory, in essence acting as a proxy.

    To accomplish this, you would have to write a PHP script that requests the user’s credentials and sends them along as it requests a page in the protected directory. So something like this:

    <?php

    // This is *very* basic - you would of course need to make sure the user 
    // isn't trying to access something in another location
    $dest = $_GET["dest"];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'http://gojalapeno.com/intranet/content/' . $dest);

    // You would retrieve the user's credentials from an HTML form and save them in session vars
    curl_setopt($ch, CURLOPT_USERPWD, $_SESSION["username"] . ":" . $_SESSION["password"]);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    curl_exec($ch);

    curl_close($ch);

?>

    Hope this helps!

    • 0