Guys, Is it possible that i can call a script or redirect users in Auth_MYSQL. Example AuthName "Private Area" AuthType Basic Auth_MySQL_Host 99.99.99.99 Auth_MySQL_Username xxx Auth_MySQL_Password yyy Auth_MySQL_DB myDB Auth_MySQL_Password_Table users Auth_MySQL_Username_Field user Auth_MySQL_Password_Field pass Auth_MySQL_Password_Clause " AND areaid=aaaa" Auth_MySQL_Encrypted_Passwords Off Auth_MySQL_Non_Persistent On Auth_MYSQL On Auth_MySQL_Empty_Passwords Off require valid-user ..>redirect/call url i.e. http://domain.com/checkuser.php?user=usernameentered Similar to $username=$_GET['user']; header("Location: http://domain.com/checkuser.php?user=$username); exit; Thanks, Mike
hi EricBruggema, Thanks for reply. Yeah, seems like impossible. But my objective is i want to identify the user whenever he/she access a certain file i.e. http://domain.com/privatearea/myvideo.avi. So when user visits http://domain.com/privatearea/myvideo.avi i cant trigger a script I can identify username/password via $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] but i cant trigger the script if user access non php file like .avi, .doc etc Thanks again, Mike
Run everything through a PHP script that checks the environment variables set by the Apache auth module and then byteserves the file, or refuses to, as appropriate.
Hi SmallPotatoes Many thanks for your response, can you give me more detail about this one. So it seems like i need to do some changes on my apache? I consider all filetypes as .php, is that what you mean?, coz the script ill be adding up is like a username/password checking, if the username/password logs is on my blacklist i will redirect it to another page but if not the user will jump on the page he/she visiting. Example htt://domain.com/privatearea/movie.avi Before accessing the movie.avi, i want to call a script to check the username/password($_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']) then if its ok the user can access movie.avi but if not i will redirect to other page. So based from your suggestion you want me to treat .avi as .php by making some changes in apache? Thanks again, Mike
You wouldn't have to make changes in Apache, just use a RewriteRule in privatearea/ to send everything to your PHP script. The easy way is then to have your PHP script readfile() to send the file onward. The problem is that it will be slow for some client plugins that like to be able to get arbitrary parts of the file or get it with multiple parallel connections. For this you need to do byteserving, which you can find scripts for online.
@SmallPotatoes Many thanks for reply. I understand now what you mean. But i cant remove the mysql_auth on top of validation due some business reason (we want to make the installation of our script generic or fit on existing script). I was able to redirect user using this code AuthName "Private Area" AuthType Basic Auth_MySQL_Host 99.99.99.99 Auth_MySQL_Username xxx Auth_MySQL_Password yyy Auth_MySQL_DB myDB Auth_MySQL_Password_Table users Auth_MySQL_Username_Field user Auth_MySQL_Password_Field pass Auth_MySQL_Password_Clause " AND areaid=aaaa" Auth_MySQL_Encrypted_Passwords Off Auth_MySQL_Non_Persistent On Auth_MYSQL On Auth_MySQL_Empty_Passwords Off require valid-user Redirect /olddirectory http://www.newdomain.com/check.php although my problem is i cant get the original page on where the visitor is coming from. I tried to use $_SERVER['HTTP_REFERER']; but it only display blank. I cant also get the username entered I was thinking if this is possible in .htaccess Redirect /olddirectory http://www.newdomain.com/check.php?username=username&page=http://domain.com/icametothispage.php Thanks, Mike
Try using RewriteRule, you should be able to sneak %{HTTP_USER_AGENT} and %{REMOTE_USER} or %{REMOTE_IDENT} into your rewritten URL. RewriteRule /olddirectory http://x.y.x/?page=%{HTTP_USER_AGENT} or something similar.
thanks SmallPotatoes I try it but no luck. Something like this AuthName "Private Area" AuthType Basic Auth_MySQL_Host 99.99.99.99 Auth_MySQL_Username xxx Auth_MySQL_Password yyy Auth_MySQL_DB myDB Auth_MySQL_Password_Table users Auth_MySQL_Username_Field user Auth_MySQL_Password_Field pass Auth_MySQL_Password_Clause " AND areaid=aaaa" Auth_MySQL_Encrypted_Passwords Off Auth_MySQL_Non_Persistent On Auth_MYSQL On Auth_MySQL_Empty_Passwords Off require valid-user RewriteEngine On RewriteRule /olddirectory http://www.domain.com/check.php?page=%{HTTP_USER_AGENT} ;(, i guess this is not possible adding a redirect like http://www.domain.com/check.php?username=myusername&page=http://domain.com/privatearea/movie.avi Thanks, Mike
Sorry, I was being an idiot. You don't want HTTP_USER_AGENT, you want HTTP_REFERER. Really not sure what I was thinking.