FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Query about WWW-Authenticate: Basic and bad UserID/Password recovery
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Query about WWW-Authenticate: Basic and bad UserID/Password recovery [message #178350 is a reply to message #178349] Sun, 10 June 2012 20:52 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 6/10/2012 4:14 PM, Robert Rosenberg wrote:
> Per the samples I have seen in manuals and on the php,net site I store the
> header statements in a if(!isset($_SERVER['PHP_AUTH_USER'])) delineated
> section.
>
> I test the supplied UserID and Password to see if they are a valid pair. My
> problem is that when they are not (right now I have a hard coded pair to use
> in my testing) I issue an error message and have the user try again (by
> having the page relaunched via a link). The problem is that the IF sees that
> the UserID is already set (to the bad value) and thus will not reissue the
> login menu. How do I invalidate the stored value so that the IF will return
> TRUE and thus cause the menu to be issued? I tried adding a
> $_SERVER['PHP_AUTH_USER'])=""; or a unset($_SERVER['PHP_AUTH_USER']); in my
> error routine (with the link) I still do not get the the menu.
>
> Please Help.
>
> Thank you.
>

These values are set by the server. You can change them, but only for
the currently running script.

So, you need another way of doing it. One way is to set a value in the
$_SESSION array to something when the user is logged in, and test it
instead. Once you get a correct userid and password, set this value.
If the value isn't set, display the login page. Once it is set,
continue on.

BTW, I think most PHP programmers don't use the Apache userid/password.
It's OK if you're using Apache authentication, but that's about it.
The rest just put up a page with userid and password and handle it from
there. It takes Apache out of the equation and gives you full control
(i.e. you can put a "forgot password" link on the page, or a "register"
link if they haven't registered yet).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: PHP Sessions and XML
Next Topic: PEAR in Firefox
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 21:35:24 GMT 2024

Total time taken to generate the page: 0.04608 seconds