Richard Lynch wrote: > You can always add more .htaccess files in more directories, or edit the > one that's there. And that's precisely what I did. The only reason why I only have .htaccess in the top-level directory is that I don't have any directives specific to one subdomain that the others shouldn't use and according to the apache docs when requesting a file apache looks in every higher-level directory for .htaccess as well. >>The fact that the uid of the script is appended to the realm specified >>shouldn't require any changes in the code, or should it? > > > No. It would only invalidate any "saved" logins or passwords from the old > realm being managed by the browser. > > Different realm == different login/credentials needed. Thanks for that info, seems my understanding of the matter is not as for off as I thought it to be although I've read your posting saying you only got to know the specifics through years of practice. > That's your ISP being silly, not PHP 4.3.10 "changing" That's what I thought. > That said, HTTP Authentication WILL NOT WORK with CGI. > > It is disabled in PHP source because, because your password would be > transmitted insecurely from Apache to PHP, and the PHP Team is not willing > to do that for obvious reasons. > > Get your host to go back to PHP as Module, or switch to a form login. I already contacted their support asking them to at least have PHP5 built as a module when they'll upgrade. I'm not to happy with their support anyways, responses are fast but they've never told me anything I hadn't known before asking them. I've moved from trying to use HTTP based authentication-methods to php sessions and html-form based authentication, it's much more configurable especially visual-design-wise and wasn't half as challenging to implement as I'd expected. Don't you just love when you teach yourself something new and can use it to do what you want to, and it actually works. Okay, enough chatting. I just wanted to thank you for your answers Richard, very helpful and informative. Cheers from germany, Roman. P.S.: > WILD GUESS: > > $_SERVER['REMOTE_PASSWORD'] > > ??? Nope, tried dumping $_SERVER, $_ENV and $_REQUEST upon cancelling the authentication, nothing useful in there. It says in a comment to the manual that the authdata is in $_SERVER['REMOTE_USER'] and you can either base64_transcode it (or whatever the function is called) or use apache's ModRewrite but I can't confirm that, maybe the person that suggested it was using apache2, in any case it didn't work. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
