How to access htpasswd-protected page automatically
I have a passwordprotected directory with htaccess and htpasswd.
The htaccess looks like this
AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user myusername
The htpasswd looks like this
myusername:password887
This password protected directory is named www.mydomainname.com/mystuff
Now, I want to access this page fram a iframe (with www.mydomain.com/mustuff/index.html as src) in index.php in my root, but I dont want to make the users fill in the username and password all the time, just keep them from entering the folder the src is in.
Is there a script that can fill out the username and password automatically without letting the "users" write the username and password all the time?
Answer
You can src the frame with the username and password in the link itself:
http://myusername:[email protected]/mystuff
But this sort of defeats the purpose of password protecting the directory since anyone can look at the page source and know the username/password, and not all browsers support this type of URL.
You could make it so the referer is checked when attempting to access the /mystuff directory, and if it's from where the iframe is embedded, allow access without prompting for a password. But the referer can be spoofed very easily.