Good day everybody,

I've got a directory setup with a few Apache Auth stuff. This is actually the directory:

Use ado-jeune:tezesyrab to login.

This is actually the code for that .htaccess that forces it:

AuthName "Connexion au dossier:"
AuthType Basic
AuthUserFile "D:\Dropbox\htaccess\secret\.htpasswd"
Require valid-user

The login form for your directory is produced through the browser, but If only to make use of my very own HTML form with this. How do i get it done? I have attempted using cURL with PHP:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, '');
curl_setopt($ch, CURLOPT_USERPWD, 'ado-jeune:tezesyrab');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

That authenticates fine, the main problem with that's it does not redirect towards the page (regardless of the CURLOPT_FOLLOWLOCATION), it basically "includes" it in the present file. As a result, my relative links are damaged.

What exactly I am searching for is a method to use my very own HTML form to authenticate for an Apache Fundamental Auth directory, and also to redirect to that particular directory after.


Regrettably, what you are explaining will probably be hard to implement because of the way in which AuthBasic works. From Apache's documentation:

Due to the way in which Fundamental authentication is specified, your account information should be verified any time you request a document in the server. This really is even when you are reloading exactly the same page, as well as for every image around the page (when they originate from a protected directory).

Browsers handle delivering anyone's qualifications instantly for every subsequent request following the user makes its way into them in.

However in your situation, the browser is not hooking up towards the protected directory, but instead cURL is. One solution is always to have cURL process all demands to that particular protected directory, essentially serving as a proxy.

To do this, you would need to write a PHP script that demands anyone's qualifications and transmits them along because it demands a webpage within the protected directory. So something similar to this:


    // This is *very* basic - you would of course need to make sure the user 
    // isn't trying to access something in another location
    $dest = $_GET["dest"];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, '' . $dest);

    // You would retrieve the user's credentials from an HTML form and save them in session vars
    curl_setopt($ch, CURLOPT_USERPWD, $_SESSION["username"] . ":" . $_SESSION["password"]);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);




Hope this can help!

You may can define your personal error document which includes the shape in .htaccess:

ErrorDocument 401 /my_custom_password_form.html