Re: Query about WWW-Authenticate: Basic and bad UserID/Password recovery [message #178353 is a reply to message #178351]
Sun, 10 June 2012 22:25
Robert Rosenberg
On 06/10/2012 16:54, in article jr31hi$igf$1(at)dont-email(dot)me, "Richard Damon"
<news(dot)x(dot)richarddamon(at)xoxy(dot)net> wrote:
> On 6/10/12 4:14 PM, Robert Rosenberg wrote:
>> Per the samples I have seen in manuals and on the php.net site I store the
>> header statements in an if(!isset($_SERVER['PHP_AUTH_USER'])) delineated
>> section.
>>
>> I test the supplied UserID and Password to see if they are a valid pair. My
>> problem is that when they are not (right now I have a hard coded pair to use
>> in my testing) I issue an error message and have the user try again (by
>> having the page relaunched via a link). The problem is that the IF sees that
>> the UserID is already set (to the bad value) and thus will not reissue the
>> login menu. How do I invalidate the stored value so that the IF will return
>> TRUE and thus cause the menu to be issued? I tried adding a
>> $_SERVER['PHP_AUTH_USER']=""; or an unset($_SERVER['PHP_AUTH_USER']); in my
>> error routine (with the link) I still do not get the menu.
>>
>> Please Help.
>>
>> Thank you.
>>
>
> The issue is you need to tell the browser that the log in information is
> incorrect, which you can do by sending a header with a 401 Not
> Authorized error code. This should trigger the browser to pop up the
> login box. You are probably doing this for no UserId, you also need to
> do it for a wrong user ID.
Thanks for your reply.
My code is:
if(!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo '<p>Please <a href="login7.php">Log In</a> and enter correct UserID and Password.</p>';
    exit;
} else {
    If (check for not good pair) {
        echo an error message and supply a retry link
    } else {
        Good Pair routine
    } // end of pair check
} // end of menu code
Thus the 401 is there but will not be sent due to the IF !isset. Are you
saying that I need to just send the header from my bad pair routine? I can
not see any way to delay the header so I can display a BAD PAIR error message
and only have them attempt again after using a link back to the PHP page.
Issuing the header without an error message just causes the menu to
immediately get displayed without any warning of the bad input (i.e.: You
reply get the box back).
While I plan to replace this test with a real custom login page before going
live, I am using this as a short cut while I work on other areas of my code
(as well as learning how to use this function).
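
An added example, not part of the original post or the thread's code: one way to arrange the check so the 401 challenge goes out both when no credentials arrive and when the pair is wrong, as suggested in the quoted reply. The account name `demo`, its password, and the helper names `credentials_ok` and `send_challenge` are constructed for illustration.

```php
<?php
// Added example. The account, password and helper names are constructed placeholders.
const REALM = 'realm';
const DEMO_USER = 'demo';

// True only for a valid pair. hash_equals() and password_verify() compare in
// constant time, and the password check runs even when the user name is
// wrong so both failure cases take the same path.
function credentials_ok(?string $user, ?string $pass, string $hash): bool
{
    if ($user === null || $pass === null) {
        return false; // browser sent no Authorization header
    }
    $userOk = hash_equals(DEMO_USER, $user);
    $passOk = password_verify($pass, $hash);
    return $userOk && $passOk;
}

// Send the Basic challenge. The browser reacts to the 401 by showing its
// login dialog; the HTML body is displayed only if the user cancels it.
function send_challenge(string $message): void
{
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo '<p>' . htmlspecialchars($message) . '</p>';
    exit;
}

// Constructed sample credential; a real application loads a stored hash
// instead of computing one on every request.
$hash = password_hash('correct horse', PASSWORD_DEFAULT);

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

// Missing and wrong credentials both get the 401, so the stale pair the
// browser cached for this realm is discarded and the dialog reappears.
if (!credentials_ok($user, $pass, $hash)) {
    send_challenge($user === null
        ? 'Please log in.'
        : 'Bad UserID or Password. Reload the page to try again.');
}

echo '<p>Welcome, ' . htmlspecialchars($user) . '.</p>';
```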