Noah, You could authenticate once and generate a short-lived unique ID at the end of the URL specific to that login. or just add the name and password at the end of the URL http://www.domain.com/somePage.php?uname=sarah&password=s00pers3cr37 -- David On Feb 4, 2004, at 2:44 PM, noah wrote: > I hope this isn't something that's already been discussed -- I've > fallen behind a little on my reading (only 2482 messages behind). I > searched for it but didn't find anything. If it has been discussed, > please forgive me and point me to the subject. Thanks. > > In case it hasn't been discussed, and in case anyone doesn't know > already, the latest IE/Windows update has disabled URLs in the format: > > <http://username:email@example.com/> > > I've tested it, and sure enough, they don't work. I get an "Invalid > Syntax Error," and the standard IE "This page can not be displayed" > page (even though I have a custom error page defined, but I'm not > worrying about annoying little things like that yet). > > My problem is that I have a small PHP application that requires that > the username and password be sent through the URL in order to work. > Most of the app is protected with session-based authentication, but > for certain pages, I can't include session-calling code at the top, so > I put them in an .htaccess/.htpasswd protected directory, and pass the > username and password through the URL. > > I realise that this is not particularly secure. These aren't state > secrets I'm protecting, though, so I'm not worried about that. > > So my question is, is there another way to send the username/password > transparently through PHP? I can see that the variables exist in the > fetched page as: > > _SERVER["PHP_AUTH_USER"] and _SERVER["PHP_AUTH_PW"] > > but I can't figure out how to send the values to the page I'm > requesting. I've found plenty of scripts to add users, add groups, > etc., but nothing to just retrieve a protected page without having to > type the username/password. > > Any advice greatly appreciated. > > Cheers, > Noah > -- > * * Please support the community that supports you. * * > http://evolt.org/help_support_evolt/ > > For unsubscribe and other options, including the Tip Harvester and > archives of thelist go to: http://lists.evolt.org Workers of the Web, > evolt !