Re: Query about WWW-Authenticate: Basic and bad UserID/Password recovery [message #178354 is a reply to message #178353]
Sun, 10 June 2012 23:40
Richard Damon
On 6/10/12 6:25 PM, Robert Rosenberg wrote:
>
> Thanks for your reply.
>
> My code is:
>
> if(!isset($_SERVER['PHP_AUTH_USER'])) {
> header('WWW-Authenticate: Basic realm="realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo '<p>Please <a href="login7.php">Log In</a> and enter correct
> UserID and Password.</p>';
> exit;
> } else {
>
> If (check for not good pair) {
> echo an error message and supply a retry link
> } else {
> Good Pair routine
> } // end of pair check
>
> } // end of menu code
>
>
> Thus the 401 is there but will not be sent due to the IF !isset. Are you
> saying that I need to just send the header from my bad pair routine? I
> cannot see any way to delay the header so I can display a BAD PAIR error message
> and only have them attempt again after using a link back to the PHP page.
> Issuing the header without an error message just causes the menu to
> immediately get displayed without any warning of the bad input (i.e.: You
> reply get the box back).
>
> While I plan to replace this test with a real custom login page before going
> live, I am using this as a shortcut while I work on other areas of my code
> (as well as learning how to use this function).
>
If your page returns a successful page code (which it will if you don't
use a header to send the error code), then the browser will not ask the
user for a new username/password combination.
You can also send an error page, and if the user cancels the
authorization, they will see that error page.
One thing you could do is for the login page, issue the 401, and for
other pages the error page with the link to the login page.
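
The behaviour discussed in this thread, as an added example that is not code from either poster: a bad UserID/Password pair gets the same 401 plus `WWW-Authenticate` challenge as a missing pair, and the error body is what the user sees after cancelling the prompt. The `$users` store, the `DUMMY_HASH` constant and the `basic_auth_response()` helper are hypothetical names and constructed sample data.

```php
<?php
// Constructed sample user store (assumption). The hash is generated at run
// time only to keep the block self-contained; store hashes, never plaintext.
$users = ['alice' => password_hash('example-password', PASSWORD_DEFAULT)];
// Hash checked for unknown users so both paths do similar work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

/**
 * Decide the response for a page protected by Basic authentication.
 * Returns [status, headers, body] so the decision is separate from output.
 */
function basic_auth_response(array $server, array $users): array
{
    $challenge = ['WWW-Authenticate: Basic realm="realm"'];
    $retry = '<p>Please <a href="login7.php">Log In</a> and enter correct '
           . 'UserID and Password.</p>';

    // No credentials yet: challenge. The body only appears if the user cancels.
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [401, $challenge, $retry];
    }

    $user = $server['PHP_AUTH_USER'];
    $known = isset($users[$user]);
    $hash = $known ? $users[$user] : DUMMY_HASH;
    $ok = password_verify($server['PHP_AUTH_PW'], $hash) && $known;

    if (!$ok) {
        // Bad pair: still answer 401 with the challenge. A 200 here makes the
        // browser keep the rejected credentials and never prompt again.
        return [401, $challenge, '<p>Bad UserID or Password.</p>' . $retry];
    }

    $name = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    return [200, [], '<p>Welcome, ' . $name . '</p>'];
}

// Emit the decision. Headers must be sent before any body output.
[$status, $headers, $body] = basic_auth_response($_SERVER, $users);
http_response_code($status);
foreach ($headers as $h) {
    header($h);
}
echo $body;
```

Basic credentials are only base64-encoded on the wire, so a page like this should be served over HTTPS.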