# .htaccess idea



## jayhusky (Mar 28, 2009)

I'm working on a feature for a website project that I'm doing at college and I'm trying to get       Htaccess to print the username of the user logged in on the subsequent pages, I've looked through google and I can't figure it out.

However I'm willing to comprimise, If someone can find a script on the net that allows people to log into restricted area's of a website and it print on the page who is logged in.

Much like FAF's "Welcome furcity", I want it to say, "Welcome *username* / Your Last Login Was *date*

Any help is much appreciated.

Thanks

Furcity


----------



## SnowFox (Mar 28, 2009)

Do you mean users authenticated by htaccess? how about $ENV{'REMOTE_USER'}


----------



## ArielMT (Mar 28, 2009)

^ This.

If you're using HTTP authentication, then the server sets the environment variable REMOTE_USER to the name of the authenticated user on every connection.


----------



## jayhusky (Mar 28, 2009)

-- EDIT SEE BELOW


----------



## jayhusky (Mar 28, 2009)

ArielMT said:


> ^ This.
> 
> If you're using HTTP authentication, then the server sets the environment variable REMOTE_USER to the name of the authenticated user on every connection.




```
$ENV{'REMOTE_USER'}
```
So I would place this in the .htaccess file, yes?

@ snowfox

yes, When a user is successfully authenticated and allowed into the protected area, thier username and last login date are printed on the screen


----------



## ArielMT (Mar 28, 2009)

furcity said:


> ```
> $ENV{'REMOTE_USER'}
> ```
> So I would place this in the .htaccess file, yes?



No!

You'll have to use a scripting language to get the value of that variable in order to show it.  What SnowFox posted was the Perl way to do that.

If you want to use static HTML instead of a script, then you're out of luck.

(Edit: Not to be confused with using a script to generate static HTML pages on the fly.)


----------



## Aurali (Mar 28, 2009)

Javascript has a way of doing it. no?

<script type="text/javascript">
user = "<!-- #echo var="REMOTE_USER" -->";
document.write("'" + user + "'")
</script>


----------



## ArielMT (Mar 28, 2009)

JavaScript runs on the client, not the server.  Though JavaScript can use techniques like AJAX to talk back to the server, a script running _on the server_ is the only thing that can access the server's environment variables.


----------



## net-cat (Mar 28, 2009)

If you're using Apache:

http://httpd.apache.org/docs/1.3/howto/ssi.html

Then you can do in your shtml files:

```
<!--#echo var="REMOTE_USER"-->
```






Eli said:


> Javascript has a way of doing it. no?
> 
> 
> ```
> ...


No. That still requires special server-side configuration, and you should never use document.write() ever.


----------



## jayhusky (Mar 28, 2009)

Fixed, I Changed my pages from .php to .shtml and added the code proposed by net-cat
Had to do a quick bit of recoding to make sure that the links and content could still work..


----------



## SnowFox (Mar 28, 2009)

furcity said:


> Fixed, I Changed my pages from .php to .shtml and added the code proposed by net-cat
> Had to do a quick bit of recoding to make sure that the links and content could still work..



Well if you were using php in the first place it should be held in the $REMOTE_USER variable ...I think, I rarely ever use php

<?php echo "Hello $REMOTE_USER"; ?>


----------



## net-cat (Mar 28, 2009)

Oh. Wish you had said you were using PHP.


```
<?php echo $_ENV['REMOTE_USER'];?>
```

(PHP hasn't had register globals enabled by default for years. Lead to epic insecure code.)


----------



## Stratelier (Mar 28, 2009)

IMO, repeatedly switching in and out of PHP blocks for simple things such as echo() is a pain and bad design.


```
echo sprintf("<!-- %s -->", htmlspecialchars($_ENV['REMOTE_USER']));
```

Use htmlspecialchars() often, especially when you are not *absolutely guaranteed* that the variable in question doesn't contain &'s or < >'s.  Special characters in supposedly clean variables can potentially lead to XSS attacks.


----------



## net-cat (Mar 28, 2009)

Right, good point. (Though I would imagine that if he's using .htaccess, none of his usernames have <, > or & in them.)

And, uh, the point of the exercise is to display the username. Not enclose it in HTML comments. And you'd still have to enclose that in "<?php ... ?>"


```
<?php echo htmlspecialchars($_ENV['REMOTE_USER']); ?>
```

SSI is probably the better choice for this, anyway.


----------



## jayhusky (Mar 28, 2009)

I set up 2 types of page pn the server and It worked alright for both, however the SSI was easier to edit and clean up while the PHP kept throwing parse errors mainly du to typo's

Edit- Screen Shot Attached of basic design.. Nothing special

Thanks for all the help anyways.

For Anyone who asks. FA is only on the page by way of an Iframe. (Sort of a content filler)


----------



## Carenath (Mar 29, 2009)

Eli said:


> Javascript has a way of doing it. no?
> 
> <script type="text/javascript">
> user = "<!-- #echo var="REMOTE_USER" -->";
> ...


Thats still using SSI...

Bleh.. kidna late to this.. net-cat has it in one.
You can use SSI (which may be disabled on your server.. Its disabled by default on some Apache installations.

And there is of course, PHP. I used it before... but I did it a bit differently, YMMV:
	
	



```
<?php echo $_SERVER['REMOTE_USER']; ?>
```


----------



## Aurali (Mar 29, 2009)

Carenath said:


> Thats still using SSI...
> 
> Bleh.. kidna late to this.. net-cat has it in one.
> You can use SSI (which may be disabled on your server.. Its disabled by default on some Apache installations.
> ...



meh no clue.. I'm still new at this.. It's a good learning experience though^^


----------

