开发者

Dynamic Apache authentication via PHP

开发者 https://www.devze.com 2023-03-10 12:27 出处:网络
I would like to implement a dynamic authentication process using Apache and PHP. My current project is break into two parts:

I would like to implement a dynamic authentication process using Apache and PHP. My current project is break into two parts:

  1. I have a classic LAMP project running, where users already have a login/password that I use to grant them access to different part of my system.

  2. Some documents (Text, Office, ...) are hosted on a separate DAV server (same server but different domains) and users may edit them directely from their Office program (Word, Excel ...) using Dav/ActiveX/IE combination.

I would like to allow the users registered on my first system to use different DAV method based on their current right (stored in the 开发者_StackOverflow中文版DB)

For example, Mr X may have access to document A with PUT/GET method, but no access to document B.

I generally solve this kind of problem by using a PHP authentication, but, as far as I know, my authentication occured within the Microsoft Office application. Office directly "discuss" with Apache so I certainly need to override the .htaccess file for example. I have too many users to store them by hand in the .htaccess (~10K) and many files on the DAV server (~1K). Moreover, users rights may change over time.

Is there a way to generate dynamic htaccess files? Or to add some sort of handlers to "tell" Apache to allow or prohibit a user/password to certain file(s)?


All you need is http://modauthmysql.sourceforge.net/

You can configure your apache by .htaccess to authenticate against mysql DB. Of course you can use existing Mysql tables with users in it.

Here is my working configuration:

    <Directory "/u05/data">
            AllowOverride All

            Order Allow,Deny
            Allow from All
            Deny from None

            AddType application/octet-stream .rar
            AuthName "Download zone - secured"
            AuthType Basic

            AuthMYSQLEnable on
            AuthMySQLUser http_auth
            AuthMySQLPassword http_auth
            AuthMySQLDB mydatabase
            AuthMySQLUserTable users
            AuthMySQLNameField user_name
            AuthMySQLPasswordField user_password
            AuthMySQLPwEncryption crypt

            require valid-user
    </Directory>


I guess you could setup a cron php file which queries the database, retrieves the usernames and their permissions and builds up the htacess file based on that info. The script should have write permissions on that htacess file so I suggest you put it somewhere safe, outside your web projects and outside the www directory.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号