Re: Digest Authentication [message #179913 is a reply to message #179868]
Wed, 19 December 2012 01:55
dhtmlkitchen
On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
>
>> I am trying to implement a password protected area of a site. I have never done this before.
[...]
> One other point - this is NOT a very good script. For instance, you
> should NEVER use die() on a production system, especially for a
> non-critical error. die() terminates processing of the page
> immediately, resulting in invalid HTML at the browser.
>
Wow, you're right!
Should I use `echo`?
When testing locally, after once entering wrong credentials, I
continue to get
`die('Wrong Credentials!');` and am given no opportunity to enter
correct credentials.
1. click "cancel"
2. reload.
3. enter wrong credentials and click "login"
4. reload.
Desired result:
Prompt for login credentials.
Actual result:
"Wrong Credentials!"
Is PHP_AUTH_DIGEST set automatically? And how and where in the script?
Also, what should I look for in print_r()?
> Additionally, I think a very low percentage of PHP sites use such
> authentication. Most have their own login page (using https protocol).
I'm not sure if we can do https here (it's a small, low-budget project
on Yahoo Small Business). For our app, we'll use a PayPal IPN of $1 to
access the area of the site, and we're not worried about a MIM attack to get
free access. I convinced the site owner to use a managed, password-protected
area of the site, in favor of password protecting the zip file
and zipping up the site contents and giving a "hidden" URL.
If HTTPS isn't in budget, I'll try to amend the linked digest script.
If I'm on the wrong track, please advise other strategies for this
simple app.
Thank you,
--
Garrett
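
When a script answers a failed digest check by terminating with a plain message, the browser keeps resending the same cached credentials on every reload and never prompts again. The following is an added example, not part of the original post or the linked script, that re-sends the 401 challenge on failure; the realm, the user table and the function names are assumptions, and it assumes the server passes the Authorization header through to PHP.

```php
<?php
// Added example. $realm, $users and the helper names are assumptions.
$realm = 'Restricted area';
$users = ['admin' => 'mypass']; // constructed sample account (username => password)

// Send a fresh 401 challenge so the browser prompts again, then stop.
// The nonce is not stored or checked here; replay protection needs that.
function send_challenge(string $realm, string $message): void
{
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="'
        . bin2hex(random_bytes(16)) . '",opaque="' . md5($realm) . '"');
    echo $message; // shown only if the user cancels the prompt
    exit;
}

// Split the client's digest header into fields; false if one is missing.
function parse_digest(string $txt)
{
    $needed = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1,
               'username' => 1, 'uri' => 1, 'response' => 1];
    $data = [];
    preg_match_all('@(\w+)=(?:"([^"]*)"|([^\s,]+))@', $txt, $m, PREG_SET_ORDER);
    foreach ($m as $f) {
        $data[$f[1]] = $f[2] !== '' ? $f[2] : ($f[3] ?? '');
        unset($needed[$f[1]]);
    }
    return $needed ? false : $data;
}

// PHP fills PHP_AUTH_DIGEST from the request's "Authorization: Digest ..." header.
$digest = $_SERVER['PHP_AUTH_DIGEST'] ?? '';
if ($digest === '') {
    send_challenge($realm, 'Login required.'); // first visit, or after Cancel
}
$d = parse_digest($digest);
if ($d === false || !isset($users[$d['username']])) {
    send_challenge($realm, 'Wrong credentials.'); // re-prompt instead of die()
}
// Recompute the response as in RFC 2617 (qop=auth) and compare in constant time.
$a1 = md5($d['username'] . ':' . $realm . ':' . $users[$d['username']]);
$a2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $d['uri']);
$expected = md5("$a1:{$d['nonce']}:{$d['nc']}:{$d['cnonce']}:{$d['qop']}:$a2");
if (!hash_equals($expected, $d['response'])) {
    send_challenge($realm, 'Wrong credentials.');
}
echo 'You are logged in as: ' . htmlspecialchars($d['username']);
```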