Posted by peter on 07/01/07 21:53

>I can remove the 401 header line in the following code and it operates
> exactly the same.
>
> <?php
>
> if (!isset($_SERVER['PHP_AUTH_USER'])) {
> //header('WWW-Authenticate: Basic realm="My Realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Text to send if user hits Cancel button';
> exit;
> } else {
> echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
> echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</
> p>";
> }
> ?>

A 401 header is a standard header that informs the browser/user that they
are not authorised to access the requested page. As you can see from the
script it is triggered in this case if $_SERVER['PHP_AUTH_USER'] is not set
ghence the user not logged in.

[Back to original message]