FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Query about WWW-Authenticate: Basic and bad UserID/Password recovery
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Query about WWW-Authenticate: Basic and bad UserID/Password recovery [message #178353 is a reply to message #178351] Sun, 10 June 2012 22:25 Go to previous messageGo to previous message
Robert Rosenberg is currently offline  Robert Rosenberg
Messages: 6
Registered: May 2012
Karma:
Junior Member
On 06/10/2012 16:54, in article jr31hi$igf$1(at)dont-email(dot)me, "Richard Damon"
<news(dot)x(dot)richarddamon(at)xoxy(dot)net> wrote:

> On 6/10/12 4:14 PM, Robert Rosenberg wrote:
>> Per the samples I have seen in manuals and on the php,net site I store the
>> header statements in a if(!isset($_SERVER['PHP_AUTH_USER'])) delineated
>> section.
>>
>> I test the supplied UserID and Password to see if they are a valid pair. My
>> problem is that when they are not (right now I have a hard coded pair to use
>> in my testing) I issue an error message and have the user try again (by
>> having the page relaunched via a link). The problem is that the IF sees that
>> the UserID is already set (to the bad value) and thus will not reissue the
>> login menu. How do I invalidate the stored value so that the IF will return
>> TRUE and thus cause the menu to be issued? I tried adding a
>> $_SERVER['PHP_AUTH_USER'])=""; or a unset($_SERVER['PHP_AUTH_USER']); in my
>> error routine (with the link) I still do not get the the menu.
>>
>> Please Help.
>>
>> Thank you.
>>
>
> The issue is you need to tell the browser that the log in information is
> incorrect, which you can do by sending a header with a 401 Not
> Authorized error code. This should trigger the browser to pop up the
> login box. You are probably doing this for no UserId, you also need to
> do it for a wrong user ID.

Thanks for your reply.

My code is:

if(!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="realm"');
header('HTTP/1.0 401 Unauthorized');
echo '<p>Please <a href="login7.php">Log In</a> and enter correct
UserID and Password.</p>';
exit;
} else {

If (check for not good pair) {
echo an error message and supply a retry link
} else {
Good Pair routine
} // end of pair check

} // end of menu code


Thus the 401 I there but will not be sent due to the IF !isset. Are you
saying that I need to just send the header from my bad pair routine? I can
not see anyway to delay the header so I can display a BAD PAIR error message
and only have them attempt again after using a link back to the PHP page.
Issuing the header without an error message just causes the menu to
immediately get displayed without any warning of the bad input (ie: You
reply get the box back).

While I plan to replace this test with a real custom login page before going
live, I am using this as a short cut while I work on other areas of my code
(as well as learning how to use this function).
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: PHP Sessions and XML
Next Topic: PEAR in Firefox
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 10:14:03 GMT 2024

Total time taken to generate the page: 0.04878 seconds