Sean Conner wrote:
It was thus said that the Great Dan Trainor once stated:Sean Conner wrote:It was thus said that the Great Dan Trainor once stated:The initial authentication would take place via PHP form. I understand how 'require valid-user' works, and how it's used. I figured out a way to do it, I'll re-post later on after I test a bit. I'm using PHP to use apache_setenv(), and then using IfDefine inside an .htaccess file here. It looks to be working.... like I said, I'll update you on this a bit later after I test more.Is there a reason why the authentication has to be done via PHP and not through Apache? This seems very awkard to me.It's for a secondary authentication implemeneted by PHP, instead of .htaccess. The hope is, that I can set an env var in Apache that would make it so that Apache did not require a valid user using 'AuthType Basic'. I'd liek to use this PHP script in conjunction with existing authentication systems, such as those using htaccess as we know it today.Would something like this be totally outrageous? Am I completely out of my mind? Can I even use IfDefine in this context?<IfDefine !SKIPHTTPAUTH> require valid-user </IfDefine>...if I were to define an Apache env var named SKIPHTTPAUTH from within a PHP script?I don't think that would work. Given that PHP requires the fork model (I wouldn't trust PHP to run correctly under a threaded version of Apache, and neither do the PHP guys from what I understand), even if you do set the environment, and if the Apache process can see that environment variable, it's only set in the process that did it and subsequent requests for pages may not be served by that particular process. You would have to have some means of propagating that environment variable to the other Apache processes (and before you ask, such a task would require modification to Apache since environment passing between sibling processes, or from a child process back to the parent process, is not something I've ever seen done---not saying it's impossible, but it is quite a bit of work). And even then, *if* you were to get this to work, what would the environment variable look like? What happens if two users hit the same page at the same time, one authenticated and one not? How does Apache know which one to let through? -spc (You do know that the Apache authenticated user is available to CGI scripts, through the REMOTE_USER environment variable?)
The idea was, again, as stated, twice, that I thought each Apache child "followed" each visitor, sort of a one-to-one relationship. My tests have proven this to not be the case, which kindof kills my idea. I understand how threading works - and now I have a much better idea.
So an env var would be set on a per-user basis. It would not be set globally. If this were to work, Apache wouldn't care if two people hit the site tat the same time, because the theory was, that each Apache child pertained to one single visitor. Looking back, after my tests and such, this would be really, really stupid if Apache worked that way.
I appreciate the in-depth information that you all have give me. I guess it's back to the drawing board.
Thanks! -dant --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|