I have root folder and members folder, I have implemented password protection on both using different htaccess and different htpasswd file.
Both logins are working fine if used individually. But if I login on root folder then I can't login on members folder and vice versa. Although credentials are correct.
Root folder htaccess file:
SetEnvIf Request_URI "^/(index\.php)?$" noauth=1
SetEnvIf Request_URI "^/join.php" noauth=1
SetEnvIf Request_URI "^/2257.php" noauth=1
SetEnvIf Request_URI "^/testing.php" noauth=1
SetEnvIf Request_URI "^/style" noauth=1
SetEnvIf Request_URI "^/js" noauth=1
SetEnvIf Request_URI "^/h_footer" noauth=1
SetEnvIf Request_URI "^/images" noauth=1
SetEnvIf Request_URI "^/uploads" noauth=1
SetEnvIf Request_URI "^/contactus.php" noauth=1
SetEnvIf Request_URI "^/epoch/epoch_passmanage.php" noauth=1
AuthType Basic
AuthName "RESTRICTED"
#AuthName "Restricted Area"
AuthUserFile "/path/to/.htpasswd"
require valid-user
Options -Indexes
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^.]+)$ /sd3.php?show=true&name=$1 [L]
# Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
Members folder htaccess file:
AuthType Basic
AuthName "RESTRICTED"
#AuthName "Restricted Area"
AuthUserFile "/path/to/different/.htpasswd"
require valid-user
Options -Indexes
Options +FollowSymlinks
RewriteEngine On
RewriteBase /members/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^.]+)$ content.php?show=true&name=$1 [L]
Inside php I'm checking login for both root and members as:
if (isset($_SERVER['PHP_AUTH_USER'])) {
//logged in: success
}
Probably, your browser has no way of knowing that it needs to prompt/supply a different username/password.
By changing the AuthName on one of them, it will know to prompt again and supply a different set of credentials, without silently failing.