FUDforum: comp.lang.php » Digest Authentication

Home » Imported messages » comp.lang.php » Digest Authentication

Show: Today's Messages :: Polls :: Message Navigator

Re: Digest Authentication [message #179866 is a reply to message #179865]

Fri, 14 December 2012 03:15

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 12/13/2012 7:49 PM, dhtmlkitchen(at)gmail(dot)com wrote:
> Hi,
>
> I am trying to implement a password protected area of a site. I have never done this before.
>
> HTTP digest authentication seemed suitable for our low-level security requirements.
>
> Here is our PHP 5.3.6 configuration:
> http://thai-massage.com/phpinfo.php
>
> Here is the script I am using, from PHP.net:
> http://php.net/manual/en/features.http-auth.php#example-349
>
> The script is running here:
> http://thai-massage.com/dollar-school/PHP-PayPal-IPN-master/example/auth.ph p
>
> The login credentials are hard coded for sake of example. Eventually I want to get the password from a MySQL database.
>
> Results:
> * Cancel: "Text to send if user hits Cancel button"
> * Correct Login (guest/guest): Displays login prompt again
> * Incorrect Login (a/s): Displays login prompt again
>
> Expected results:
> * Cancel: "Text to send if user hits Cancel button"
> * Correct login (guest/guest): 'You are logged in as: guest"
> * Incorrect login: "Wrong Credentials!"
>
> Cancel is doing what I expect, but the login does not.
>
> What am I doing wrong? How can I get the result I want?
>
>

Do you have your web server configuration set up correctly?

HTTP authentication is handled by the web server. PHP only gets control
after the user has passed the web server's authentication.

It looks like you never set your web server up to handle the
authentication, so it never passes - and the server just keeps resending
the request.

Now if the user presses cancel, the web server will fail the
authentication request and pass the request on to your scripts (usually
an "authentication failed" page.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		Digest Authentication By: dhtmlkitchen on Fri, 14 December 2012 00:49
		Re: Digest Authentication By: Jerry Stuckle on Fri, 14 December 2012 03:15
		Re: Digest Authentication By: Jerry Stuckle on Fri, 14 December 2012 03:31
		Re: Digest Authentication By: Jerry Stuckle on Fri, 14 December 2012 04:15
		Re: Digest Authentication By: dhtmlkitchen on Wed, 19 December 2012 01:55
		Re: Digest Authentication By: Jerry Stuckle on Wed, 19 December 2012 02:08
		Re: Digest Authentication By: dhtmlkitchen on Wed, 19 December 2012 17:40
		Re: Digest Authentication By: Jerry Stuckle on Wed, 19 December 2012 20:02
		Re: Digest Authentication By: dhtmlkitchen on Thu, 20 December 2012 04:59
		Re: Digest Authentication By: Jerry Stuckle on Thu, 20 December 2012 19:02
		Re: Digest Authentication By: Peter H. Coffin on Wed, 19 December 2012 20:30
		Re: Digest Authentication By: Twayne on Wed, 19 December 2012 22:26
		Re: Digest Authentication By: Scott Johnson on Thu, 20 December 2012 01:02
		Re: Digest Authentication By: Twayne on Fri, 21 December 2012 01:17
		Re: Digest Authentication By: Jerry Stuckle on Fri, 21 December 2012 04:10
		Re: Digest Authentication By: The Natural Philosoph on Fri, 21 December 2012 10:19
		Re: Digest Authentication By: M. Strobel on Thu, 20 December 2012 08:57
		Re: Digest Authentication By: Jerry Stuckle on Thu, 20 December 2012 19:06
		Re: Digest Authentication By: legalize+jeeves on Sat, 22 December 2012 19:15
		Re: Digest Authentication By: M. Strobel on Fri, 14 December 2012 11:05

Previous Topic:	Using echo to run separate PHP script from HTML
Next Topic:	simple dating site

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Jul 05 13:29:18 GMT 2024

Total time taken to generate the page: 0.29849 seconds