Allow PHP file access to protected folder?

Question

I have a site www.abc.domain.com protected with .htaccess & .htpasswd.
I have file a callback.php file that need to access www.abc.domain.com and check for data. This file is in other server, other domain.
I use curl to request.

I see CURLOPT_USERPWD can be used for access protected folder. But in my callback.php file, it doesnt have CURLOPT_USERPWD. How do I modify my file, add CURLOPT_USERPWD to make it works?

You can see my file here:

<?php
function callback_start() {
    $yoururl = "http://abc.domain.com";
    include "key.php";
    $pass_array['key'] = $key;
    $pass_array['domain'] = $_SERVER['SERVER_NAME'];

    function confirm($url, $data) {
        $options = array(CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => false,
            CURLOPT_FOLLOWLOCATION => false, CURLOPT_AUTOREFERER => true,
            CURLOPT_CONNECTTIMEOUT => 50, CURLOPT_TIMEOUT => 50, CURLOPT_MAXREDIRS => 0,
            CURLOPT_POST => 1, CURLOPT_POSTFIELDS => $data, CURLOPT_SSL_VERIFYHOST => 0, );

        $ch = curl_init($url);
        curl_setopt_array($ch, $options);
        $content = curl_exec($ch);
        curl_close($ch);
        return $content;
    }

    $info = confirm($yoururl . "/folder/index.php", $pass_array);
    if ($info['status'] == "2") {
        return die("Suspended!");
    }elseif($info['status'] == "3") {
        return die("Incorrect");
    }elseif($info['status'] != "1") {
        return die("Error!");
    }
}
?>

Im not sure how to use `curl_setopt($curlObj, CURLOPT_USERPWD, “$username:$password”);` as array. — Kien Pham, Feb 02 '12 at 08:09

score 0 · Answer 1 · edited May 23 '17 at 12:03

It may be a stretch, but if you run the servers on the same local network you can do this:

Using .htaccess to mask a domain?

Applied here: (food for Apache config file httpd.conf)

<VirtualHost *:80>
    ServerName private.abc.com
    ProxyRequests     Off
    ProxyPreserveHost On
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
    ProxyPass / http://protected-site-local-ip:80/private/
    ProxyPassReverse / http://protected-site-local-ip:80/private/
  <Location />
    Allow from all
  </Location>
</VirtualHost>

Since PHP runs on the local system, it would have no trouble accessing the proxied-site (with no password, but only accessible from local network). Make sure you don't give the proxied one a public domain.

I haven't tried it yet, but can you go from PHP directly to files on the local network? (e.g. http://10.149.2.1/www/private/stuff-you-need) ? You may be able to bypass the proxy method entirely.

score 0 · Answer 2 · answered Feb 03 '12 at 02:42

Well I haven't tried this, but my thought is that you would do it like this:

   function confirm($url, $data) {
        $options = array(CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => false,
            CURLOPT_FOLLOWLOCATION => false, CURLOPT_AUTOREFERER => true,
            CURLOPT_CONNECTTIMEOUT => 50, CURLOPT_TIMEOUT => 50, CURLOPT_MAXREDIRS => 0,
            CURLOPT_POST => 1, CURLOPT_POSTFIELDS => $data, CURLOPT_SSL_VERIFYHOST => 0, 
            CURLOPT_USERPWD => $username.":".$password, );

        $ch = curl_init($url);
        curl_setopt_array($ch, $options);
        $content = curl_exec($ch);
        curl_close($ch);
        return $content;
    }

Allow PHP file access to protected folder?

2 Answers2