I can make browser to force authentication with smart card eg ID-card when php file is protected with SSLVerifyClient in apache conf.
Now i need to display index.php usually without requiring smart card authentication and sometimes this same page must get user authenticated.
doStuff();
if ($needed==1)
authenticateUser();
doMoreStuff();
What must authenticateUser() contain so that calling it causes browser to ask smart card pin code?
You're mixing the things a tiny bit.
authenticateUser(); runs on the server, while the authentication occurres on the client. You can't stop in the middle of running a PHP script for a client authentication and then continue running the PHP script.
As a solution to your question, this might work in your case:
if(authenticationNeeded)
{
// redirect to a page that requires authentication that does what index was supposed to do.
redirect('index_ssl.php');
}
By using .htaccess you can define SSLVerifyClient require only for some of the directories/files.
The key point is: your web server(Apache in this case) requires a client certificate in order to grant access to any directories/files for which you specify SSLVerifyClient require.
In conclusion, there is no way to do what you want. You can only have files/directories that either require or don't require a client certificate. Tthere is no way to stop in the middle of a PHP file in order to require a client certificate, but you could redirect to one that requires one.