|
|
Posted by Els on 03/09/07 12:42
Rik wrote:
>> Thanks Rik, I've tried that in a local page, and it works. That is, it
>> lets me in regardless of whether I get the password right or not, the
>> difference is the error message if I got it wrong.
>
> Check, that was the purpose of the exercise, to check this.
Check succeeded then :-)
>> How do I get a new
>> login prompt if the details are incorrect,
>
> <?php
> $valid = false;
> if(isset($_SERVER['PHP_AUTH_USER'])
> && $_SERVER['PHP_AUTH_USER'] = $username
> && isset($_SERVER['PHP_AUTH_PW'])
> && $_SERVER['PHP_AUTH_PW'] = $password){
> $valid = true;
> }
> if(!$valid){
> header('WWW-Authenticate: Basic realm="My Realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Text to send if user hits Cancel button';
> exit;
> }
> echo 'YOu are succesfully logged in.';
> ?>
Right! that works, thanks.
I'll experiment with Joomla to see if it can work for what I wanted
too.
>> and also, how do I "log
>> out" again? I can't make two attempts in a row, it just keeps whatever
>> I filled out once as final...
>
> Indeed it does, you browser remembers the last used username & password
> and keeps sending those. Logging out with HTTP authentication is not as
> easy as other types, hence the reason why it's sparingly used. Google for
> some answers, but it's al kind of buggy.
Now that a bad input gives a new prompt, it's not as urgent to be able
to log out though. This thing is meant for only one user, so she could
just clear her cache after using the page if she wouldn't be on her
own computer at the time.
> If you need loggging out, my advise would be something other then HTTP
> authentication. Just use PHP's session capabilities.
Will do. Thanks again for all the information Rik, appreciate it :-)
--
Els http://locusmeus.com/
Now playing: David Bowie - DJ
Navigation:
[Reply to this message]
|