0

This is a two part question.

The first question is. I am looking for a way to shield my php pages using one of these generic login boxes that appear without a real page / html form. Like this box here. What is the name of this? How is it done?

Snapshot of password box

The second is. I want to CRON to visit this password page, and kick off a php script.

ThomasReggi
  • 55,053
  • 85
  • 237
  • 424

4 Answers4

3

The dialog shows up for HTTP "Basic" or "Digest" authentication. This should not be used for anything serious. The "Basic" authentication sends passwords in the clear to the server. "Digest" is somewhat better, but there is no way for a user to detect whether the password he's supplying will be used for Basic or Digest (it might not even be clear to the user whether he's authenticating with an HTTP or HTTPS server).

Finally, most browsers offer only very obscure ways to clear a password for these authentication methods once it has been typed in. There is no way for the website itself to force a "log out" purge. So users who need to use shared/public computers will not be able to log out afterwards.

hmakholm left over Monica
  • 23,074
  • 3
  • 51
  • 73
  • with the second part I can agree, but the first does not make sense. Leaving the logout possibility aside, basic auth is as secure as any commonly used "form" logon procedures. The data will be still sent as plain-text, unless HTTPS is used. I'm sure you are aware of this, just people might get the wrong idea. – Uku Loskit Aug 20 '11 at 23:55
  • 1
    Well, the parenthesis is more important than it seemed when I wrote it. Users can be taught, perhaps, some of them, not to enter their password into a form without seeing the HTTPS icon on the page. With Basic auth, this UI will not be immediately associated with the password dialog, assuming that the browser has even updated it appropriately when it shows the dialog. – hmakholm left over Monica Aug 21 '11 at 00:06
1

This is called HTTP Basic Authentication. Basic authentication can be invoked through PHP (as Timur suggested), or through Apache.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/passwords
Require user thomasreggi

As for the second part, you can use cron with wget or make cron run your php curl script. Here's a question which shows how to do this.

Community
  • 1
  • 1
Uku Loskit
  • 40,868
  • 9
  • 92
  • 93
1

http://php.net/manual/en/features.http-auth.php

Timur
  • 6,668
  • 1
  • 28
  • 37
1

  1. It sounds like you're referring to basic HTTP authentication.

    If you're using the Apache webserver, use this documentation to help you set it up.

  2. In general, URIs may contain authentication details and HTTP will accept these.

    Form your URL like:

    http://<username>:<password>@hostname/path

You may be better-off using CodeIgniter's built-in authentication facilities.

Lightness Races in Orbit
  • 378,754
  • 76
  • 643
  • 1,055
  • 2
    I wouldn't call that codeigniter's built in authentication - codeigniter doesn't have a built in authentication library (the link you posted is just a little library someone outside of codeigniter has supplied, and it's not the best one anyway) – Matthew Aug 21 '11 at 00:53