[thelist] username:password in URLs

noah noah at tookish.net
Wed Feb 4 16:44:01 CST 2004

I hope this isn't something that's already been discussed -- I've fallen 
behind a little on my reading (only 2482 messages behind). I searched 
for it but didn't find anything. If it has been discussed, please 
forgive me and point me to the subject. Thanks.

In case it hasn't been discussed, and in case anyone doesn't know 
already, the latest IE/Windows update has disabled URLs in the format:


I've tested it, and sure enough, they don't work. I get an "Invalid 
Syntax Error," and the standard IE "This page can not be displayed" page 
(even though I have a custom error page defined, but I'm not worrying 
about annoying little things like that yet).

My problem is that I have a small PHP application that requires that the 
username and password be sent through the URL in order to work. Most of 
the app is protected with session-based authentication, but for certain 
pages, I can't include session-calling code at the top, so I put them in 
an .htaccess/.htpasswd protected directory, and pass the username and 
password through the URL.

I realise that this is not particularly secure. These aren't state 
secrets I'm protecting, though, so I'm not worried about that.

So my question is, is there another way to send the username/password 
transparently through PHP? I can see that the variables exist in the 
fetched page as:


but I can't figure out how to send the values to the page I'm 
requesting. I've found plenty of scripts to add users, add groups, etc., 
but nothing to just retrieve a protected page without having to type the 

Any advice greatly appreciated.


More information about the thelist mailing list