I have been toying with HTTP authentication using the .htaccess file in an attempt to better my current CMS.
I have found a solution in Apache whereby I use a link somewhere in my HTML: <a href=".test">Test</a>.
I then add this to my .htaccess:
<Files .test>
    AuthType Digest
    AuthName "Restricted Page"
    AuthDigestProvider file
    AuthUserFile /usr/home/myDomain/includes/htpasswd/admin/.htdigest
    Require valid-user
    # If user is authenticated then redirect
    RewriteEngine on
    RewriteCond %{REMOTE_USER} !=""
    RewriteRule ^.*$ /test.php? [R]
</Files>
What this does is, when a user clicks on the mentioned hyperlink, the user is prompted with a login form via HTTP authentication. When they enter the correct credentials, they are redirected to a page in the accessible root called test.php, which in turn includes the CMS index that is held out of the web root.
If a user selects a section within the CMS, they are prompted to log in again (using the site's default PHP-based login system) and only users with the correct role assignments may access any specific section.
Although this is useful, it is not quite what I am trying to accomplish.
What I have thought of is two possible solutions in my case.
One would be where a user could enter, say, http://www.myDomain.com/?whateveryoulike in the address and be directed to my CMS instead. Ideally this redirection would direct straight to my CMS index in its root directory, which is not accessible via http://. Something like this, which can be done in PHP:
// Include the CMS entry point from outside the web root when the key is present
if (isset($_GET['whateveryoulike']))
{
    include $_SERVER['DOCUMENT_ROOT'] . '/../../admin/blah.php';
}
Another option I thought of would be something I do not know very much about, but it relates to HTTP authentication and I have seen it in use once before...
Basically the user enters username@www.myDomain.com and they get prompted with the HTTP auth login box. When the credentials are met, they are sent to a separate section within the website.
Would anyone be able to provide any input, suggestions or additional ideas relating to how I would go about this?
My question, though, is whether it is possible to actually catch a GET (http://www.myDomain.com/?whateveryoulike), apply HTTP authentication, then redirect the user to a page that is held out of the http:// root?
Thank you for taking the time to read through this!
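
The flow asked about above (catch the GET key, challenge with HTTP authentication, then serve the CMS entry point held outside the web root), as an added example that is not part of the original post. It uses HTTP Basic checked in PHP rather than the Digest setup shown in the .htaccess, and it assumes the script is the index.php in the web root, the site runs over HTTPS, and the user table is a constructed sample.

```php
<?php
declare(strict_types=1);

// Assumptions: TRIGGER and CMS_ENTRY reuse the names from the post;
// the realm text and the user table are constructed sample values.
const TRIGGER   = 'whateveryoulike';
const REALM     = 'Restricted Page';
const CMS_ENTRY = '/../../admin/blah.php';

// Constructed sample. In practice load hashes created with password_hash()
// from a file stored outside the web root.
function load_users(): array
{
    return ['admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
}

// PHP fills PHP_AUTH_USER / PHP_AUTH_PW from a Basic Authorization header
// (under mod_php; CGI/FastCGI setups may need the header passed through).
function authenticated(array $server, array $users): bool
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

if (array_key_exists(TRIGGER, $_GET)) {
    // Basic sends the password with every request, so refuse plain HTTP.
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        http_response_code(403);
        exit('HTTPS required.');
    }
    if (!authenticated($_SERVER, load_users())) {
        header('WWW-Authenticate: Basic realm="' . REALM . '", charset="UTF-8"');
        http_response_code(401);
        exit('Authentication required.');
    }
    // The path is a fixed constant and is never built from request data,
    // so the query string cannot steer the include to another file.
    $entry = realpath($_SERVER['DOCUMENT_ROOT'] . CMS_ENTRY);
    if ($entry === false) {
        http_response_code(500);
        exit('CMS entry point not found.');
    }
    require $entry;
    exit;
}
```

No redirect is needed here: the protected file is included directly once the credentials check out, so it never has to be reachable by URL.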