|
|
Posted by David Hennessy on 10/17/07 16:52
Jeremy wrote:
> David Hennessy wrote:
>> Hi! Is there any way to limit the number of retries when using HTTP
>> authentication in PHP?
>>
>
> Despite what everyone else says, this is possible with PHP (though not
> with Apache's built-in HTTP authentication, AFAIK).
>
> Read this:
>
> http://us2.php.net/manual/en/features.http-auth.php
>
> The idea is that when the user first tries to access the document, you
> send an HTTP 401 header. At this point, you can also keep track of this
> as an "attempt" in whatever fashion you like (local database of IP
> addresses, for example). Now, each time the user types a new password
> you'll check it, and if it's wrong you'll send another 401 header. Keep
> track of how many times this happens, and if the number of attempts
> exceeds your limit, send a 403 (forbidden) instead of a 401.
Hi Jeremy,
Do you have a reference or an example to demonstrate this? I've
extensively consulted the URL you referenced, and don't see anything to
suggest the functionality you're describing. From my own tests, it
appears that the authentication challenge pop-up does not return to the
PHP script until the user either enters a correct password or hits
"cancel" -- so there's no place to interrupt until the authentication
bit is done. Am I misunderstanding?
--
Namaste,
David
Navigation:
[Reply to this message]
|