Reply to Re: How to set the username/password when using http authentication?

Your name:

Reply:


Posted by Rik on 03/09/07 12:22

Els <els.aNOSPAM@tiscali.nl> wrote:
> Rik wrote:
>> <?php
>> $username =3D 'username';
>> $password =3D 'password';
>> if (!isset($_SERVER['PHP_AUTH_USER'])) {
>> header('WWW-Authenticate: Basic realm=3D"My Realm"');
>> header('HTTP/1.0 401 Unauthorized');
>> echo 'Text to send if user hits Cancel button';
>> exit;
>> } else {
>> if($_SERVER['PHP_AUTH_USER'] !=3D $username)
>> echo 'Username incorrect:'.$_SERVER['PHP_AUTH_USER'].',
>> expected:'.$username;
>> if($_SERVER['PHP_AUTH_PW'] !=3D $password)
>> echo 'Username incorrect:'.$_SERVER['PHP_AUTH_PW'].',
>> expected:'.$password;
>> }
>> ?>
>>
>> Take it from there, add the md5 in later, then try it in Joomla, the =
try
>> to use the database.
>
> Thanks Rik, I've tried that in a local page, and it works. That is, it=

> lets me in regardless of whether I get the password right or not, the
> difference is the error message if I got it wrong.

Check, that was the purpose of the exercise, to check this.

> How do I get a new
> login prompt if the details are incorrect,

<?php
$valid =3D false;
if(isset($_SERVER['PHP_AUTH_USER'])
&& $_SERVER['PHP_AUTH_USER'] =3D $username
&& isset($_SERVER['PHP_AUTH_PW'])
&& $_SERVER['PHP_AUTH_PW'] =3D $password){
$valid =3D true;
}
if(!$valid){
header('WWW-Authenticate: Basic realm=3D"My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
}
echo 'YOu are succesfully logged in.';
?>

> and also, how do I "log
> out" again? I can't make two attempts in a row, it just keeps whatever=

> I filled out once as final...

Indeed it does, you browser remembers the last used username & password =
=

and keeps sending those. Logging out with HTTP authentication is not as =
=

easy as other types, hence the reason why it's sparingly used. Google fo=
r =

some answers, but it's al kind of buggy.

If you need loggging out, my advise would be something other then HTTP =

authentication. Just use PHP's session capabilities.
-- =

Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация