On Fri, February 2, 2007 8:17 am, Ryan A wrote:
> I have a pal who uses a htpasswd file for access to his site..
>
> rather than using basic_auth he wants to change it to form based
> _without_ a DB (ie user comes to his site and enters the username and
> password into a form, then submits it to the php script, the php
> script reads the htpasswd file and accordingly grants access or denies
> access if the login does not match)
>
> Am not so sure about this but before i can make an argument against
> this, I should know something myself so my questions to you more
> knowledgeable guys are:
> 1. Is it such a good idea switching?

If he thinks the Basic Auth popup is "icky" then go ahead and get rid of it.

No biggie.

There's no great advantage to Basic Auth, and, actually, having the authentication done in PHP can be beneficial if you want to start doing some custom logging and user profile modeling of logins.

It's certainly possible to get access to that, or to integrate that after the HTTP Basic Auth has been done, but it can be "cleaner" code to have it all as one conceptual mess in PHP, instead of a mess in HTTP Auth Apache and another in PHP.

> 2. Won't the basic_auth pop up anyway even after entering these values
> into the form?

Not unless you send the headers out, either with PHP, or with .htaccess (or httpd.conf) settings to do HTTP Basic Authentication.

> 3. If having hundreds (or even thousands) of user:pass combinations
> in the htpasswd file.... won't it make logging in longer and more
> processor intensive to search all of the combinations till you find
> (or not find) the login?

Not really.

$file = file_get_contents('/full/path/to/htpasswd');
//one match per line: [1] = text before the first colon, [2] = the rest
preg_match_all('/^([^:\r\n]+):([^\r\n]*)/m', $file, $htpassd);
//play games with array_flip or array_slice here to get
//an associative array of $users['username'] = 'password';
$users = array_combine($htpassd[1], $htpassd[2]);
//Your login check is then a simple array reference

> Did some small code experiments before coming here asking for
> advice...
> can send you the code I have written if need be...but what i have
> found out is with small amounts of data i see no difference in speed
> of logging in using the htpasswd file as the "login database"..

Whether reading the file or the DB is faster depends totally on your hardware and network topology between web server and db server, or lack thereof.

Nothing anybody else can say on this matter has any real meaning.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
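
An added example, not part of the original post: htpasswd files normally hold password hashes rather than plaintext, so a form-based check has to verify the submitted password against the stored hash instead of comparing strings. The function names and the sample entries below are constructed for illustration.

```php
<?php
/** Parse htpasswd text into ['user' => 'stored hash'] (hypothetical helper). */
function parse_htpasswd(string $text): array
{
    $users = [];
    foreach (preg_split('/\r?\n/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;                        // skip blank and '#' lines
        }
        $parts = explode(':', $line, 2);     // split on the first colon only
        if (count($parts) === 2 && $parts[0] !== '') {
            $users[$parts[0]] = $parts[1];
        }
    }
    return $users;
}

/** Check one password against one stored htpasswd hash. */
function verify_htpasswd_hash(string $password, string $stored): bool
{
    if (strncmp($stored, '{SHA}', 5) === 0) {
        // htpasswd -s: base64 of the raw SHA-1 digest (unsalted, legacy)
        return hash_equals($stored, '{SHA}' . base64_encode(sha1($password, true)));
    }
    if (strncmp($stored, '$apr1$', 6) === 0) {
        return false;   // Apache's own MD5 variant; PHP's crypt() cannot check it
    }
    // bcrypt ($2y$, htpasswd -B) and other crypt()-style hashes
    return password_verify($password, $stored);
}

function check_login(array $users, string $user, string $password): bool
{
    // Unknown users are checked against a dummy hash so that response
    // time does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_BCRYPT);
    $known = array_key_exists($user, $users);
    $ok = verify_htpasswd_hash($password, $known ? $users[$user] : $dummy);
    return $known && $ok;
}

// Constructed sample file contents (not real credentials)
$sample = "# constructed sample\n"
    . 'alice:' . password_hash('correct horse', PASSWORD_BCRYPT) . "\n"
    . 'bob:{SHA}' . base64_encode(sha1('hunter2', true)) . "\n";
$users = parse_htpasswd($sample);
var_dump(check_login($users, 'alice', 'correct horse'));
var_dump(check_login($users, 'bob', 'wrong'));
var_dump(check_login($users, 'carol', 'anything'));
```

Entries in the `$apr1$` format are rejected here rather than verified; re-creating them with `htpasswd -B` gives bcrypt hashes that `password_verify()` can check.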