List:General Discussion« Previous MessageNext Message »
From:Benjamin Pflugmann Date:May 26 1999 4:16am
Subject:Re: mod_auth_mysql problem
View as plain text  

On Mon, May 24, 1999 at 05:23:04PM -0400, vanboers@stripped wrote:
> Evan Thomas wrote:
> > I have mod_auth_mysql working on my server using Apache.  However,  I wanted to
> > let users be able to change their passwords but I am running into a problem
> > here.
> > 
> > First, I have a form where they can enter their new password.  This data gets
> > sent to a php form when they hit submit.  My problem is that they get prompted
> > to enter their username and password again at this point by apache even though
> > they are already authenticated.

If they are prompted, _after_ the the data has been updated in the
database, it is the logical result. They have authenticated with their
old password, then they change it and the change gets written in the
database. For the next page they access, the browser sends the old
password which is no longer valid and therefore they get prompted for
the new one.

> > Perhaps this is because I am accessing and changing the password field with SQL
> > in the php page the form redirects them to.

If there really follows a redirect, the problem above shows even
before the user accesses the next page (since the browser does it on
the redirect). So it looks like pressing 'submit' and getting that

> > Does anybody know a way to stop that from popping up.   I am getting desperate
> > and any help is much appreciated

I know of no way to avoid this when using HTTP authentication. If a
redirect is used, avoiding it should make it better. Or an
intermediate (not protected?) page could be displayed, which explains
that they have to relogin due to the password change.

> Evan,
> It could be a problem with not getting a mysqladmin reload issued after
> the password change,

mysqladmin reload is only needed when you change the privileges for
the mysql database itself. He is not talking about that, if I am not
totally wrong.

> or, if the form they enter their passwd in is in a different directory
> than the one they're redirected to.  If this is the case, you need to
> replicate the .htpasswd file into each directory within the secure PHP
> DocumentRoot area.
> Hope this helps.
> Van
> - 



Attachment: [application/pgp-signature]
mod_auth_mysql as DSO for apache?Thomas Lund17 May
  • Re: mod_auth_mysql as DSO for apache?Vivek Khera17 May
  • Re: mod_auth_mysql as DSO for apache?Sasha Pachev17 May
  • Re: mod_auth_mysql as DSO for apache?Thomas Lund17 May
  • Re: mod_auth_mysql as DSO for apache?Sasha Pachev17 May
  • mod_auth_mysql problemEvan Thomas24 May
  • Re: mod_auth_mysql problemVan25 May
    • Re: mod_auth_mysql problemBenjamin Pflugmann26 May