Reply to Re: HTTP Authentication in PHP -- limit retries? — All PHP

Posted by Jeremy on 10/16/07 18:35

David Hennessy wrote:
> Hi! Is there any way to limit the number of retries when using HTTP
> authentication in PHP?
>

Despite what everyone else says, this is possible with PHP (though not
with Apache's built-in HTTP authentication, AFAIK).

Read this:

http://us2.php.net/manual/en/features.http-auth.php

The idea is that when the user first tries to access the document, you
send an HTTP 401 header. At this point, you can also keep track of this
as an "attempt" in whatever fashion you like (local database of IP
addresses, for example). Now, each time the user types a new password
you'll check it, and if it's wrong you'll send another 401 header. Keep
track of how many times this happens, and if the number of attempts
exceeds your limit, send a 403 (forbidden) instead of a 401.

Jeremy

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация