FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Digest Authentication
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Digest Authentication [message #179868 is a reply to message #179865] Fri, 14 December 2012 04:15 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 12/13/2012 7:49 PM, dhtmlkitchen(at)gmail(dot)com wrote:
> Hi,
>
> I am trying to implement a password protected area of a site. I have never done this before.
>
> HTTP digest authentication seemed suitable for our low-level security requirements.
>
> Here is our PHP 5.3.6 configuration:
> http://thai-massage.com/phpinfo.php
>
> Here is the script I am using, from PHP.net:
> http://php.net/manual/en/features.http-auth.php#example-349
>
> The script is running here:
> http://thai-massage.com/dollar-school/PHP-PayPal-IPN-master/example/auth.ph p
>
> The login credentials are hard coded for sake of example. Eventually I want to get the password from a MySQL database.
>
> Results:
> * Cancel: "Text to send if user hits Cancel button"
> * Correct Login (guest/guest): Displays login prompt again
> * Incorrect Login (a/s): Displays login prompt again
>
> Expected results:
> * Cancel: "Text to send if user hits Cancel button"
> * Correct login (guest/guest): 'You are logged in as: guest"
> * Incorrect login: "Wrong Credentials!"
>
> Cancel is doing what I expect, but the login does not.
>
> What am I doing wrong? How can I get the result I want?
>

One other point - this is NOT a very good script. For instance, you
should NEVER use die() on a production system, especially for a
non-critical error. die() terminates processing of the page
immediately, resulting in invalid HTML at the browser.

Additionally, I think a very low percentage of PHP sites use such
authentication. Most have their own login page (using https protocol).
Once the user logs in, the script sets the appropriate information in
the $_SESSION array. Pages which require login just check for the
necessary data in the $_SESSION array, and if incorrect, redirect the
user to the login page. If the data are correct, the script just
continues with what it's supposed to do.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Using echo to run separate PHP script from HTML
Next Topic: simple dating site
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 02:26:07 GMT 2024

Total time taken to generate the page: 0.03903 seconds