I have used HTTP authentication through
.htaccess files each time I have needed fast and dirty password protection for an entire directory (the majority of the occasions, to be able to hide third-party applications I install for individual use). Now I have written some PHP code to exchange local passwords with OpenID. That enables me to eliminate HTTP auth during my PHP sites. However, I am still trying to puzzle out a trick I'm able to use within non-PHP stuff (from third-party programs to random stuff).
Apache doesn't appear to aid authentication with custom scripts automatically (whatever I actually do, it will operate in my host company). That leaves the apparent solution of utilizing
mod_rewrite to route everything though a PHP script that inspections qualifications and reads the prospective file but 1) it appears just like a performance killer 2) it'll hinder dynamic stuff, for example other PHP scripts.
I am wondering whether there's a method to optimize the router approach therefore the script need not send the file, or maybe I am looking over another approach. Any idea?
I believe your
mod_rewrite approach could be the only method to do that - but rather than using
readfile() (when i guess you're, according to that which you say about
it will interfere with dynamic stuff, such as other PHP scripts) you can easily
include() them, to ensure that raw files are written right to output and PHP code is performed.
You can utilize PHP HTTP-AUTH http://php.net/manual/en/features.http-auth.php
If OpenID is the thing you need consider use of mod_auth_openid for apache