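Usage example:

docman.conf:

	$gblUsers = "htusers_header";

.htusers examples:

REMOTE_ADDR=10.0.0.3:Dobrica (client ip):auth_header:dpavlin@foo.bar
	will match exact IP address

remote_hostname=hbreyer2:Dobrica (hostname):auth_header:dpavlin@foo.bar
	will match exact hostname

http_referer=test.foo.bar:Dobrica (by referer):auth_header:dpavlin@foo.bar
	will match user which comes from site test.foo.bar

remote_user=dpavlin:Dobrica (by server http auth):auth_header:dpavlin@foo.bar
	will match user "dpavlin" which is authenticated using .htaccess

Each .htusers row is "match=value:display name:auth_header:e-mail". Rows whose
third field is not "auth_header", or whose match has no non-empty value after
the "=", are ignored by this file.

*/

// NOTE(review): this script reads request data through plain globals
// ($SCRIPT_FILENAME, $HTTP_COOKIE_VARS, $GLOBALS['REMOTE_ADDR'], ...). If they
// are populated by register_globals, confirm that REMOTE_USER, AUTH_TYPE and
// HTTP_REFERER cannot be filled from request parameters when the web server
// does not set them; reading the server variable array directly avoids that.

$htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";

$cookie_name="docman_autologin";
// NOTE(review): both cookie values are unkeyed MD5 digests of the .htusers
// path and a request attribute, so they contain no server-side secret and
// should not be treated as proof of an earlier login. A keyed value (HMAC with
// a secret kept on the server) or a server-side session is the usual
// replacement; no such secret is available in this file.
$cookie_val=md5($htusers_file.$GLOBALS['REMOTE_ADDR']);
$cookie_val_force=md5($htusers_file.$GLOBALS['REMOTE_USER']);

// Initialise the flag before any branch, so that no code path leaves it
// holding a value that was not assigned here.
$login_allowed=0;

// Strict comparison: with "==" two numeric-looking strings (for example a
// digest of the form 0e<digits>) are compared as numbers, not as text.
if (isset($HTTP_COOKIE_VARS[$cookie_name]) && $HTTP_COOKIE_VARS[$cookie_name] === $cookie_val) {
	// no PHP_AUTH_PW set
	// NOTE(review): a match here is not tied to a row; the first usable
	// auth_header row in .htusers is the one that gets logged in below.
	$login_allowed=1;
} elseif (isset($HTTP_COOKIE_VARS[$cookie_name]) && $HTTP_COOKIE_VARS[$cookie_name] === $cookie_val_force) {
	// PHP_AUTH_PW is set, force login!
	$force_login_allowed=1;
}

// NOTE(review): this reset runs after the cookie check, so the
// $cookie_val_force branch above has no lasting effect. The order is kept
// on purpose: moving the reset up would make the unkeyed cookie grant a
// forced login.
$force_login_allowed=0;

$htusers=fopen($htusers_file,"r");
// Only read and close the file when it could actually be opened.
if ($htusers) {
	while($user = fgetcsv($htusers,255,":")) {
		// skip blank, short and non-auth_header rows
		if (!isset($user[2]) || $user[2] !== "auth_header") continue;

		$tmp = explode("=",$user[0]);
		// A row without a value after "=" must never match: an empty
		// value would otherwise compare equal to a missing request field.
		if (!isset($tmp[1]) || $tmp[1] === "") continue;

		if (stristr($tmp[0],"REMOTE_ADDR") && isset($GLOBALS['REMOTE_ADDR']) && $tmp[1] === (string)$GLOBALS['REMOTE_ADDR']) {
			$login_allowed=1;
		} elseif (stristr($tmp[0],"REMOTE_hostname")) {
			// NOTE(review): the name comes from reverse DNS for the
			// client address and is not forward-confirmed, and only the
			// label before the first dot is compared. Treat it as a weak
			// identifier.
			$remote_hostname=gethostbyaddr($GLOBALS['REMOTE_ADDR']);
			// remove everything after first dot
			$remote_hostname=substr($remote_hostname,0,strpos($remote_hostname,"."));
			if ($tmp[1] === $remote_hostname) $login_allowed=1;
		} elseif (stristr($tmp[0],"http_referer")) {
			// NOTE(review): Referer is a client-supplied header and this
			// is a substring test, so it is a convenience rule rather
			// than authentication.
			if (isset($GLOBALS['HTTP_REFERER']) && stristr($GLOBALS['HTTP_REFERER'],$tmp[1])) {
				setcookie($cookie_name,$cookie_val_force,time()+3600);
				$login_allowed=1;
			}
		} elseif (stristr($tmp[0],"remote_user") && isset($GLOBALS['AUTH_TYPE']) && isset($GLOBALS['REMOTE_USER'])) {
			if ((string)$GLOBALS['REMOTE_USER'] === $tmp[1]) {
				$force_login_allowed=1;
			}
		}

		// A plain match logs in only when no password was supplied; a
		// remote_user match also overrides a supplied password.
		if (($login_allowed && !isset($GLOBALS['gblPasswd'])) || ($force_login_allowed && isset($GLOBALS['gblPasswd']))) {
			$gblUserName=$user[1];
			// make fake login credentials
			// NOTE(review): $secHash depends only on the row's first
			// field; how it is used is outside this file. Confirm it is
			// not accepted as a credential presented by the client.
			$GLOBALS['gblPasswd']=$GLOBALS['gblLogin']=$user[0];
			$secHash=md5($GLOBALS['gblLogin'].$GLOBALS['gblPasswd']);
			$gblEmail=isset($user[3]) ? $user[3] : null;
			break;
		}
	}
	fclose($htusers);
}

?>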