FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Digest Authentication
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Digest Authentication [message #179913 is a reply to message #179868] Wed, 19 December 2012 01:55 Go to previous messageGo to previous message
dhtmlkitchen is currently offline  dhtmlkitchen
Messages: 4
Registered: December 2012
Karma:
Junior Member
On Dec 13, 8:15 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> On 12/13/2012 7:49 PM, dhtmlkitc...@gmail.com wrote:
>
>> I am trying to implement a password protected area of a site. I have never done this before.

[...]

> One other point - this is NOT a very good script.  For instance, you
> should NEVER use die() on a production system, especially for a
> non-critical error.  die() terminates processing of the page
> immediately, resulting in invalid HTML at the browser.
>
Wow, you're right!

Should I use `echo`?

When testing locally, after once entering wrong credentials, I
continue to get
`die('Wrong Credentials!');` and am given no opportunity to enter
correct credentials.


1. click "cancel"
2. reload.
3. enter wrong credentials and click "login"
4. reload.

Desired result:
Prompt for login credentials.

Actual result:
"Wrong Credentials!"

Is PHP_AUTH_DIGEST set automatically? And how and where in the script?
Also, what should I look for in print_r()?

> Additionally, I think a very low percentage of PHP sites use such
> authentication.  Most have their own login page (using https protocol).

I'm not sure if we can do https here (it's a small, low budget project
on Yahoo Small Business). For our app, we'll use a PayPal IPN of $1 to
access the area of the site, and we're not worried MIM attack to get
free access. I convinced the site owner to use a managed, password-
protected area the site, in favor of password protecting the zip file
and zipping up the site contents and giving a "hidden" URL.

If HTTPS isn't in budget, I'll try to amend the linked digest script.

If I'm on the wrong track, please advise other strategies for this
simple app.

Thank you,
--
Garrett
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Using echo to run separate PHP script from HTML
Next Topic: simple dating site
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 02:20:02 GMT 2024

Total time taken to generate the page: 0.06175 seconds