I would like to implement a dynamic authentication process using Apache and PHP. My current project is broken into two parts:
I have a classic LAMP project running, where users already have a login/password that I use to grant them access to different parts of my system.
Some documents (Text, Office, ...) are hosted on a separate DAV server (same server but different domains) and users may edit them directly from their Office program (Word, Excel ...) using Dav/ActiveX/IE combination.
I would like to allow the users registered on my first system to use different DAV methods based on their current rights (stored in the DB).
For example, Mr X may have access to document A with PUT/GET method, but no access to document B.
I generally solve this kind of problem by using a PHP authentication, but, as far as I know, my authentication occurred within the Microsoft Office application. Office directly "discusses" with Apache so I certainly need to override the .htaccess file for example. I have too many users to store them by hand in the .htaccess (~10K) and many files on the DAV server (~1K). Moreover, users' rights may change over time.
Is there a way to generate dynamic htaccess files? Or to add some sort of handlers to "tell" Apache to allow or prohibit a user/password to certain file(s)?
All you need is http://modauthmysql.sourceforge.net/
You can configure your Apache by .htaccess to authenticate against a MySQL DB. Of course, you can use existing MySQL tables with users in them.
Here is my working configuration:
<Directory "/u05/data">
AllowOverride All
Order Allow,Deny
Allow from All
Deny from None
AddType application/octet-stream .rar
AuthName "Download zone - secured"
AuthType Basic
AuthMYSQLEnable on
AuthMySQLUser http_auth
AuthMySQLPassword http_auth
AuthMySQLDB mydatabase
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_password
AuthMySQLPwEncryption crypt
require valid-user
</Directory>
I guess you could set up a cron PHP file which queries the database, retrieves the usernames and their permissions and builds up the htaccess file based on that info. The script should have write permissions on that htaccess file so I suggest you put it somewhere safe, outside your web projects and outside the www directory.
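The cron-generated file suggested in the last answer, as an added example that is not code from any poster on this page. It is written in Python rather than PHP, emits Apache 2.2-style directives to match the configuration above, and assumes authentication (AuthType, AuthMySQL*) stays in the `<Directory>` block; the grant tuples, name patterns and method list are assumptions.

```python
import os
import re
import tempfile
from collections import defaultdict

# Strict allow-lists (assumed formats): anything else could inject directives.
USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
DOC_RE = re.compile(r"[A-Za-z0-9_. -]{1,128}")   # no quotes, newlines or wildcards
METHODS = {"GET", "PUT", "DELETE", "OPTIONS", "PROPFIND", "LOCK", "UNLOCK"}

def render_htaccess(rows):
    """rows: iterable of (user_name, doc_name, method) grants from the rights DB."""
    grants = defaultdict(lambda: defaultdict(set))   # doc -> method -> users
    for user, doc, method in rows:
        method = method.upper()
        # fullmatch, not match: "$" would accept a trailing newline
        if not (USER_RE.fullmatch(user) and DOC_RE.fullmatch(doc) and method in METHODS):
            raise ValueError(f"rejected grant: {user!r} {doc!r} {method!r}")
        grants[doc][method].add(user)
    # Default deny: a document or method with no grant row stays unreachable.
    out = ["# generated file, do not edit", "Order deny,allow", "Deny from all"]
    for doc in sorted(grants):
        out.append(f'<Files "{doc}">')
        for method in sorted(grants[doc]):
            users = " ".join(sorted(grants[doc][method]))
            out += [f"  <Limit {method}>", "    Order allow,deny", "    Allow from all",
                    f"    Require user {users}", "  </Limit>"]
        out.append("</Files>")
    return "\n".join(out) + "\n"

def write_atomic(path, text):
    """Write beside the target, then rename, so Apache never reads a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(tmp, 0o644)          # readable by the Apache user, writable by owner only
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

# Constructed sample grants; the cron job would SELECT these from the rights table.
SAMPLE = [("mr_x", "A.doc", "GET"), ("mr_x", "A.doc", "PUT"),
          ("mrs_y", "A.doc", "GET"), ("mrs_y", "B.doc", "GET")]

if __name__ == "__main__":
    print(render_htaccess(SAMPLE))
```

With ~10K users and changing rights, rejecting a bad row and keeping the previous file is safer than writing a partial one, which is why validation raises before anything is written.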