
How to access htpasswd-protected page automatically

I have a password-protected directory with htaccess and htpasswd.

The htaccess looks like this

AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user myusername

The htpasswd looks like this

myusername:password887

This password protected directory is named www.mydomainname.com/mystuff

Now, I want to access this page from an iframe (with www.mydomain.com/mustuff/index.html as src) in index.php in my root, but I don't want to make the users fill in the username and password all the time, just keep them from entering the folder the src is in.

Is there a script that can fill out the username and password automatically without letting the "users" write the username and password all the time?

asked Sep 13 '12 07:09

Demilio



1 Answer

You can src the frame with the username and password in the link itself:

http://myusername:[email protected]/mystuff

But this sort of defeats the purpose of password protecting the directory since anyone can look at the page source and know the username/password, and not all browsers support this type of URL.

You could make it so the referer is checked when attempting to access the /mystuff directory, and if it's from where the iframe is embedded, allow access without prompting for a password. But the referer can be spoofed very easily.

answered Oct 24 '22 22:10

Jon Lin
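
The exposure the answer describes, credentials sitting in the page source, is something a site owner can audit for. The Python sketch below is an added example, not part of the original answer; it scans markup for URL attributes that carry a username or password, and the sample page, host name and credentials in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that commonly hold a URL the browser will fetch or navigate to.
URL_ATTRS = {"src", "href", "action", "data", "poster"}


class CredentialURLFinder(HTMLParser):
    """Collect URL attributes whose userinfo part (user:pass@host) is set."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            try:
                parts = urlsplit(value.strip())
            except ValueError:  # malformed URL, nothing to report
                continue
            if parts.username is None:
                continue
            line, _ = self.getpos()
            # Record that a password is present, never the password itself.
            self.findings.append({
                "line": line, "tag": tag, "attr": name,
                "host": parts.hostname, "user": parts.username,
                "has_password": parts.password is not None,
            })


def find_embedded_credentials(html):
    """Return one finding per URL attribute that embeds credentials."""
    finder = CredentialURLFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one mailto link (not a finding), one iframe with
# constructed credentials in its src, one ordinary image.
SAMPLE_PAGE = """<html><body>
<a href="mailto:admin@example.test">contact</a>
<iframe src="http://exampleuser:examplepass@www.example.test/mystuff/index.html"></iframe>
<img src="/images/logo.png">
</body></html>"""

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE_PAGE):
        print("line {line}: <{tag} {attr}> embeds credentials for "
              "{user}@{host}".format(**f))
```

Any credential this reports is readable by every visitor who views the page source, so it should be treated as disclosed and changed.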