virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Oct-12 22:23 UTC
Prototype Ajax.Request with .htaccess?
I currently have a member system based on cookies. I have several sections of the site that are protected by .htaccess/.htpassword files. Their logon information for the protected sections are saved in a database on the non-protected side. Is it possible to pass their apache authentication information in the Ajax.Request object and log them on? What I envision is a link that shows their status. If the Ajax routine is able to access the password protected directory, the link will say something like "Member File Area". If the routine fails, it wouls say something like "Account Expired". The microsoft object appears to allow you to pass authentication information through XHTMLRequest but I can''t find corresponding documentation on the prototype.js method. Thanks in advance Daniel Frederick --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
I *think* setting the url to http://user:password-1Ol41QYMq4NWk0Htik3J/w@public.gmane.org is what you are after... how to make sure PT uses the user:password is something I cannot answer. On 10/12/07, virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > I currently have a member system based on cookies. I have several > sections of the site that are protected by .htaccess/.htpassword > files. > > Their logon information for the protected sections are saved in a > database on the non-protected side. Is it possible to pass their > apache authentication information in the Ajax.Request object and log > them on? > > What I envision is a link that shows their status. If the Ajax routine > is able to access the password protected directory, the link will say > something like "Member File Area". If the routine fails, it wouls say > something like "Account Expired". > > The microsoft object appears to allow you to pass authentication > information through XHTMLRequest but I can''t find corresponding > documentation on the prototype.js method. > > Thanks in advance > > Daniel Frederick > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Oct-13 06:30 UTC
Re: Prototype Ajax.Request with .htaccess?
Yeah, thats the direction I started going but I''ve been reading a lot about how that method is no longer supported by most browsers. I guess an AJAX request is a little different, but it seemed like the same limitation might apply. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
I recommend that you rethink your authentication model first (or update it).
HTTP BasicAuth is not really something i would offer as a "all-user
entrance". Cookies are unsafe aswell, because of proxies, where those
can easily get lost (caching, never reach destination), and even
worse: be manipulated by the client, stolen by others, etc.
If you can, try to implement a session based authentication first.
Your initial problem will then be solved too.
For the functionality in question i don''t see why you require the
password in the first place. I suggest creating a serverside script
that just takes the name (which is unique, hopefully), that reads the
htpasswd and returns the status.
Ajax.Request(''/checkstatus?user=[name]'')
(if response==''expired'') {...}
You get the idea :)
Hope this helps.
Best,
Kjell
On 10/13/07, virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
<virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:>
> Yeah, thats the direction I started going but I''ve been reading a
lot
> about how that method is no longer supported by most browsers. I guess
> an AJAX request is a little different, but it seemed like the same
> limitation might apply.
>
>
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---
virgilsego-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Oct-16 21:52 UTC
Re: Prototype Ajax.Request with .htaccess?
The reason I need the password is that the Ajax callback needs to both check the status of the account AND authenticate them to the server. It needs to show if the account is active, and if it''s active, it will create a link that lets them into the .htaccess protected section of the site. It''s sort of a pain. Not my most ideal situation, but its the problem I''ve been given to solve. :) I think we''ve all been there. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---