Hi,
Thanks for the explanation. But that code does not
pop up any login window. Do I need to do any settings
for that?

--- Matt Schroebel <[EMAIL PROTECTED]> wrote:
> > From: Varsha Agarwal [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 10, 2002 4:30 PM
> 
> > I thought it will ask some user name and
> > password thing but it just displays me the string
> > "text to send if user hits cancel".
> > This is the code:
> >
> > <?php
> >     header("WWW-Authenticate: Basic realm=\"My Realm\"");
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Get rid of the above statement
>
> >
> >   if (!isset($_SERVER['PHP_AUTH_USER'])) {
> >     header("WWW-Authenticate: Basic realm=\"My Realm\"");
> >     header("HTTP/1.0 401 Unauthorized");
> >     echo "Text to send if user hits Cancel button\n";
> >     exit;
> >   } else {
> >     echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
> >     echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
> >   }
> > ?>
> 
> <?php
> header("WWW-Authenticate: Basic realm=\"My Realm\"");
> header("HTTP/1.0 401 Unauthorized");
> ?>
> 
> The above two statements will cause the browser to pop up the login
> window and pass any input (including none) back to the page. Any user
> input will be in the two $_SERVER vars. Typically you'd validate this
> with a db or something, and allow access if the user id and password
> validate. HTTP Auth in HTTP/1.0 isn't secure as the credentials are
> sent clear text to the server on every GET request, so on a page with
> images and such it's sent several times. Also, there's no way to sign
> out other than closing all of the browser windows. It's better to
> design a session based solution, with a login page, and set a session
> variable(s) indicating the authorized so the user id/password are only
> sent once, and you can control session timeout to require re-logging
> in after some interval of inactivity. You'd also have to consider
> session hijacking, which is covered in the archives.
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


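Added example, not part of the original thread and not code from either poster: the session-based login that the quoted reply recommends in place of HTTP Basic auth, where the password is sent once and an idle session expires. The account store, the form field names, the 15-minute limit and the use of PHP 7.3 or later (for the cookie options) are assumptions.

```php
<?php
// Added example: session-based login with an inactivity timeout.
// User store, field names and IDLE_LIMIT are assumptions for illustration.

const IDLE_LIMIT = 900; // seconds without a request before re-login (assumed value)

// Constructed sample account; a real application loads a stored hash from its database.
$users = ['demo' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

session_start([
    'cookie_httponly' => true,  // session cookie is not readable by page scripts
    'cookie_secure'   => true,  // cookie is only sent over HTTPS, never in clear text
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,  // reject session ids the server did not issue
]);

// Inactivity timeout: drop the login if the last request is too old.
if (isset($_SESSION['user'], $_SESSION['last_seen'])
    && time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
    $_SESSION = [];
    session_regenerate_id(true);
}

// Login form handler: the only request that carries the password.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_SESSION['user'])) {
    $name = (string)($_POST['user'] ?? '');
    $pass = (string)($_POST['pass'] ?? '');
    if (isset($users[$name]) && password_verify($pass, $users[$name])) {
        session_regenerate_id(true); // fresh id at login, so a pre-login id is useless
        $_SESSION['user'] = $name;
    }
}

if (isset($_SESSION['user'])) {
    $_SESSION['last_seen'] = time();
    // Escape the name before echoing it back into HTML.
    echo '<p>Hello ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') . '.</p>';
} else {
    echo '<form method="post">
        <input name="user" autocomplete="username">
        <input name="pass" type="password" autocomplete="current-password">
        <button>Log in</button></form>';
}
```

Signing out, which Basic auth cannot do, is then a matter of clearing `$_SESSION` and calling `session_destroy()`.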