tags:

views:

252

answers:

1

I can make browser to force authentication with smart card eg ID-card when php file is protected with SSLVerifyClient in apache conf.

Now i need to display index.php usually without requiring smart card authentication and sometimes this same page must get user authenticated.

doStuff();
if ($needed==1)
  authenticateUser();
doMoreStuff();

What must authenticateUser() contain so that calling it causes browser to ask smart card pin code?

+1  A: 

You're mixing the things a tiny bit.
authenticateUser(); runs on the server, while the authentication occurres on the client. You can't stop in the middle of running a PHP script for a client authentication and then continue running the PHP script.

As a solution to your question, this might work in your case:

if(authenticationNeeded)
{
   // redirect to a page that requires authentication that does what index was supposed to do.
   redirect('index_ssl.php');
}

By using .htaccess you can define SSLVerifyClient require only for some of the directories/files.
The key point is: your web server(Apache in this case) requires a client certificate in order to grant access to any directories/files for which you specify SSLVerifyClient require.

In conclusion, there is no way to do what you want. You can only have files/directories that either require or don't require a client certificate. Tthere is no way to stop in the middle of a PHP file in order to require a client certificate, but you could redirect to one that requires one.

Marius Burz