FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Query about WWW-Authenticate: Basic and bad UserID/Password recovery
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Query about WWW-Authenticate: Basic and bad UserID/Password recovery [message #178355 is a reply to message #178352] Sun, 10 June 2012 23:49 Go to previous messageGo to previous message
Scott Johnson is currently offline  Scott Johnson
Messages: 196
Registered: January 2012
Karma:
Senior Member
On 6/10/2012 3:17 PM, Robert Rosenberg wrote:
> On 06/10/2012 16:52, in article jr31fc$htu$1(at)dont-email(dot)me, "Jerry Stuckle"
> <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 6/10/2012 4:14 PM, Robert Rosenberg wrote:
>>> Per the samples I have seen in manuals and on the php,net site I store the
>>> header statements in a if(!isset($_SERVER['PHP_AUTH_USER'])) delineated
>>> section.
>>>
>>> I test the supplied UserID and Password to see if they are a valid pair. My
>>> problem is that when they are not (right now I have a hard coded pair to use
>>> in my testing) I issue an error message and have the user try again (by
>>> having the page relaunched via a link). The problem is that the IF sees that
>>> the UserID is already set (to the bad value) and thus will not reissue the
>>> login menu. How do I invalidate the stored value so that the IF will return
>>> TRUE and thus cause the menu to be issued? I tried adding a
>>> $_SERVER['PHP_AUTH_USER'])=""; or a unset($_SERVER['PHP_AUTH_USER']); in my
>>> error routine (with the link) I still do not get the the menu.
>>>
>>> Please Help.
>>>
>>> Thank you.
>>>
>>
>> These values are set by the server. You can change them, but only for
>> the currently running script.
>>
>> So, you need another way of doing it. One way is to set a value in the
>> $_SESSION array to something when the user is logged in, and test it
>> instead. Once you get a correct userid and password, set this value.
>> If the value isn't set, display the login page. Once it is set,
>> continue on.
>
> Thanks for your reply.
>
> My code is:
>
> if(!isset($_SERVER['PHP_AUTH_USER'])) {
> header('WWW-Authenticate: Basic realm="realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo '<p>Please<a href="login7.php">Log In</a> and enter correct
> UserID and Password.</p>';
> exit;
> }
>
> I had already tried what you suggested by adding a
> $_SERVER["bad-pair"]="TRUE; to the routine that issued the error message and
> provided the return link as well as adding a || $_SERVER["bad-pair"] to the
> if but it did not help. I guess I can also just pass a ?parm on my return
> link and do a similar test ($_GET['parm']==value).
>
>>
>> BTW, I think most PHP programmers don't use the Apache userid/password.
>> It's OK if you're using Apache authentication, but that's about it.
>> The rest just put up a page with userid and password and handle it from
>> there. It takes Apache out of the equation and gives you full control
>> (i.e. you can put a "forgot password" link on the page, or a "register"
>> link if they haven't registered yet).
>
> I do plan to eventually use a custom login page but I am using this to get
> my code worked out for testing. If I can not get it going, I guess I will
> need to go the custom page route.
>
>

Hello Robert

Just my .02

You may want to decide which way you want to go on the user
authentication now because at times your script may rely on that data
and how its implemented, such as permissions and as Jerry mentioned user
registration.

Many time all the user registration data is loaded upon sign in and
carries thru the site for many other uses.

It is tempting to put off unfamiliar areas but may cause several hours
of recoding down the road.

Scotty
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: PHP Sessions and XML
Next Topic: PEAR in Firefox
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 19:50:18 GMT 2024

Total time taken to generate the page: 0.07445 seconds