How to access htpasswd-protected page automatically
You can src the frame with the username and password in the link itself:
http://myusername:[email protected]/mystuff
But this sort of defeats the purpose of password protecting the directory since anyone can look at the page source and know the username/password, and not all browsers support this type of URL.
You could make it so the referer is checked when attempting to access the /mystuff
directory, and if it's from where the iframe is embedded, allow access without prompting for a password. But the referer can be spoofed very easily.
Related videos on Youtube
Demilio
Updated on September 15, 2022Comments
-
Demilio over 1 year
I have a passwordprotected directory with htaccess and htpasswd.
The htaccess looks like this
AuthUserFile /usr/local/you/safedir/.htpasswd AuthGroupFile /dev/null AuthName EnterPassword AuthType Basic require user myusername
The htpasswd looks like this
myusername:password887
This password protected directory is named www.mydomainname.com/mystuff
Now, I want to access this page fram a iframe (with www.mydomain.com/mustuff/index.html as src) in index.php in my root, but I dont want to make the users fill in the username and password all the time, just keep them from entering the folder the src is in.
Is there a script that can fill out the username and password automatically without letting the "users" write the username and password all the time?
-
Demilio over 11 yearsnot really man. This could be good if it works, because I really need to keep people from accessing the directory directly. The iframe is allready in a passwordprotected area with diabled right click, so I´ve got it as secured as I need :) thansk, I´ll try this
-
Syntax Error over 10 yearsJust got this to work, it's exactly what I needed. In my case it doesn't matter if the password is exposed in source because the page in question won't display unless you're already logged in with appropriate privileges - those people are all allowed to have this password - the workaround is just for their convenience. Do you know which browsers this will fail in?