Re: [PHP] HTTP Authentication [ SOLVED ]
On Wed, Nov 19, 2008 at 12:47 PM, Thiago H. Pojda <[EMAIL PROTECTED]> wrote: > On Wed, Nov 19, 2008 at 12:15 PM, Andrew Ballard <[EMAIL PROTECTED]> wrote: >> >> On Wed, Nov 19, 2008 at 9:26 AM, Thiago H. Pojda <[EMAIL PROTECTED]> >> wrote: >> > Guys, >> > >> > I have to access a WS that uses HTTP auth directly with PHP. >> > >> > I've tried using the usual http://user:[EMAIL PROTECTED]/ but I couldn't >> > get it >> > working. I believe it has something to do with the password containing a >> > # >> > (can't change it) and the browser thinks it's an achor or something. >> > >> > All I've seen were scripts to implement HTTP Auth in PHP, nothing about >> > actually logging in with PHP. >> > >> > Is it possible to send the authentication headers the first time I >> > access >> > the link? I could send all necessary headers to the page I'm trying to >> > access and retrieve it's content at once. >> > >> > >> > Thanks, >> > -- >> > Thiago Henrique Pojda >> > >> >> You're passing the username and password as part of a URL, so >> shouldn't the username and password be urlencoded? I'm thinking it >> will work if you replace the '#' sign with %23. >> >> Andrew > > I only tried thworing urlencode on everything, which obviously didn't work. > > Both ways worked, using %23 for '#' and the snippet from Nathan. > > > Thanks a lot everyone, I was about to build all the headers and stuff :P > > Regards, > -- > Thiago Henrique Pojda > Yes. If you go that route, you have to separately urlencode each piece of data rather than the whole URL because you don't want the valid delimiters like the colon, @ symbol, slashes, etc. to get encoded. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication [ SOLVED ]
On Wed, Nov 19, 2008 at 2:49 PM, Boyd, Todd M. <[EMAIL PROTECTED]> wrote: > > -Original Message- > > From: Thiago H. Pojda [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, November 19, 2008 11:47 AM > > To: Andrew Ballard > > Cc: PHP-General List > > Subject: Re: [PHP] HTTP Authentication [ SOLVED ] > > > > On Wed, Nov 19, 2008 at 12:15 PM, Andrew Ballard <[EMAIL PROTECTED]> > > wrote: > > > > > On Wed, Nov 19, 2008 at 9:26 AM, Thiago H. Pojda > > <[EMAIL PROTECTED]> > > > wrote: > > > > Guys, > > > > > > > > I have to access a WS that uses HTTP auth directly with PHP. > > > > > > > > I've tried using the usual http://user:[EMAIL PROTECTED]/ but I > > couldn't > > > get it > > > > working. I believe it has something to do with the password > > containing a > > > # > > > > (can't change it) and the browser thinks it's an achor or > > something. > > > > > > > > All I've seen were scripts to implement HTTP Auth in PHP, nothing > > about > > > > actually logging in with PHP. > > > > > > > > Is it possible to send the authentication headers the first time I > > access > > > > the link? I could send all necessary headers to the page I'm > trying > > to > > > > access and retrieve it's content at once. > > > > > > > > > > > > Thanks, > > > > -- > > > > Thiago Henrique Pojda > > > > > > > > > > You're passing the username and password as part of a URL, so > > > shouldn't the username and password be urlencoded? I'm thinking it > > > will work if you replace the '#' sign with %23. > > > > > > Andrew > > > > > > > I only tried thworing urlencode on everything, which obviously didn't > > work. > > > > Both ways worked, using %23 for '#' and the snippet from Nathan. > > > > > > Thanks a lot everyone, I was about to build all the headers and stuff > > :P > > "All the headers," meaning 2? :) Glad to hear you've solved your > problem, anyway.. > > > // Todd > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Haha, yes, 'all' those :) I thought there were many more, thankfully it only needed Basic and the other - which I forgot now. Thank you too :) -- Thiago Henrique Pojda
RE: [PHP] HTTP Authentication [ SOLVED ]
> -Original Message- > From: Thiago H. Pojda [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 19, 2008 11:47 AM > To: Andrew Ballard > Cc: PHP-General List > Subject: Re: [PHP] HTTP Authentication [ SOLVED ] > > On Wed, Nov 19, 2008 at 12:15 PM, Andrew Ballard <[EMAIL PROTECTED]> > wrote: > > > On Wed, Nov 19, 2008 at 9:26 AM, Thiago H. Pojda > <[EMAIL PROTECTED]> > > wrote: > > > Guys, > > > > > > I have to access a WS that uses HTTP auth directly with PHP. > > > > > > I've tried using the usual http://user:[EMAIL PROTECTED]/ but I > couldn't > > get it > > > working. I believe it has something to do with the password > containing a > > # > > > (can't change it) and the browser thinks it's an achor or > something. > > > > > > All I've seen were scripts to implement HTTP Auth in PHP, nothing > about > > > actually logging in with PHP. > > > > > > Is it possible to send the authentication headers the first time I > access > > > the link? I could send all necessary headers to the page I'm trying > to > > > access and retrieve it's content at once. > > > > > > > > > Thanks, > > > -- > > > Thiago Henrique Pojda > > > > > > > You're passing the username and password as part of a URL, so > > shouldn't the username and password be urlencoded? I'm thinking it > > will work if you replace the '#' sign with %23. > > > > Andrew > > > > I only tried thworing urlencode on everything, which obviously didn't > work. > > Both ways worked, using %23 for '#' and the snippet from Nathan. > > > Thanks a lot everyone, I was about to build all the headers and stuff > :P "All the headers," meaning 2? :) Glad to hear you've solved your problem, anyway.. // Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication [ SOLVED ]
On Wed, Nov 19, 2008 at 12:15 PM, Andrew Ballard <[EMAIL PROTECTED]> wrote: > On Wed, Nov 19, 2008 at 9:26 AM, Thiago H. Pojda <[EMAIL PROTECTED]> > wrote: > > Guys, > > > > I have to access a WS that uses HTTP auth directly with PHP. > > > > I've tried using the usual http://user:[EMAIL PROTECTED]/ but I couldn't > get it > > working. I believe it has something to do with the password containing a > # > > (can't change it) and the browser thinks it's an achor or something. > > > > All I've seen were scripts to implement HTTP Auth in PHP, nothing about > > actually logging in with PHP. > > > > Is it possible to send the authentication headers the first time I access > > the link? I could send all necessary headers to the page I'm trying to > > access and retrieve it's content at once. > > > > > > Thanks, > > -- > > Thiago Henrique Pojda > > > > You're passing the username and password as part of a URL, so > shouldn't the username and password be urlencoded? I'm thinking it > will work if you replace the '#' sign with %23. > > Andrew > I only tried thworing urlencode on everything, which obviously didn't work. Both ways worked, using %23 for '#' and the snippet from Nathan. Thanks a lot everyone, I was about to build all the headers and stuff :P Regards, -- Thiago Henrique Pojda
Re: [PHP] HTTP Authentication
On Wed, Nov 19, 2008 at 9:26 AM, Thiago H. Pojda <[EMAIL PROTECTED]> wrote: > Guys, > > I have to access a WS that uses HTTP auth directly with PHP. > > I've tried using the usual http://user:[EMAIL PROTECTED]/ but I couldn't get > it > working. I believe it has something to do with the password containing a # > (can't change it) and the browser thinks it's an achor or something. > > All I've seen were scripts to implement HTTP Auth in PHP, nothing about > actually logging in with PHP. > > Is it possible to send the authentication headers the first time I access > the link? I could send all necessary headers to the page I'm trying to > access and retrieve it's content at once. > > > Thanks, > -- > Thiago Henrique Pojda > You're passing the username and password as part of a URL, so shouldn't the username and password be urlencoded? I'm thinking it will work if you replace the '#' sign with %23. Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTTP Authentication
> -Original Message- > From: Craige Leeder [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 19, 2008 8:35 AM > To: Thiago H. Pojda > Cc: PHP-General List > Subject: Re: [PHP] HTTP Authentication > > Thiago H. Pojda wrote: > > Guys, > > > > I have to access a WS that uses HTTP auth directly with PHP. > > > > I've tried using the usual http://user:[EMAIL PROTECTED]/ but I couldn't > get it > > working. I believe it has something to do with the password > containing a # > > (can't change it) and the browser thinks it's an achor or something. > > > > All I've seen were scripts to implement HTTP Auth in PHP, nothing > about > > actually logging in with PHP. > > > > Is it possible to send the authentication headers the first time I > access > > the link? I could send all necessary headers to the page I'm trying > to > > access and retrieve it's content at once. > > > > > > Thanks, > > > > > Why don't you let yourself in regardless of the credentials and print > them out to make sure they're being evaluated as you expect. Well... he said he needs to access a WS, not that he administrates it or has any control over the authentication, etc. As for the Basic Authentication, I believe you can send the authentication info in the headers (instead of the URL). If you have problems implementing that in straight PHP, perhaps cURL could be of some assistance. http://www.httprevealer.com/article_basic_authentication.htm - this outlines the header formats, etc... just remember--you will need to Base64 encode "username:password" for the "Authorization" header. HTH, // Todd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication
On Wed, Nov 19, 2008 at 11:34 AM, Craige Leeder <[EMAIL PROTECTED]> wrote: > Thiago H. Pojda wrote: > >> Guys, >> >> I have to access a WS that uses HTTP auth directly with PHP. >> >> I've tried using the usual http://user:[EMAIL PROTECTED]/ but I couldn't get >> it >> working. I believe it has something to do with the password containing a # >> (can't change it) and the browser thinks it's an achor or something. >> >> All I've seen were scripts to implement HTTP Auth in PHP, nothing about >> actually logging in with PHP. >> >> Is it possible to send the authentication headers the first time I access >> the link? I could send all necessary headers to the page I'm trying to >> access and retrieve it's content at once. >> >> >> Thanks, >> >> > Why don't you let yourself in regardless of the credentials and print them > out to make sure they're being evaluated as you expect. > > - Craige > I can' t change the WebService, it's not mine. If it were, I could manage to test some stuff but now all I can do is type it's address in my browser, login and see the content I want my app to see. Thanks, -- Thiago Henrique Pojda
Re: [PHP] HTTP Authentication
Thiago H. Pojda wrote: Guys, I have to access a WS that uses HTTP auth directly with PHP. I've tried using the usual http://user:[EMAIL PROTECTED]/ but I couldn't get it working. I believe it has something to do with the password containing a # (can't change it) and the browser thinks it's an achor or something. All I've seen were scripts to implement HTTP Auth in PHP, nothing about actually logging in with PHP. Is it possible to send the authentication headers the first time I access the link? I could send all necessary headers to the page I'm trying to access and retrieve it's content at once. Thanks, Why don't you let yourself in regardless of the credentials and print them out to make sure they're being evaluated as you expect. - Craige -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication in include()
--- Matt Wondra <[EMAIL PROTECTED]> wrote:
> I'm trying to include a file from an HTTP Authenticated server
> in PHP. I have a valid username and password. Is there any way
> to remotely login and include the file?
>
> Ex:
>
> include("https://www.url.com/incl1.php";);
When allow_url_fopen is enabled, you can include a remote URL, similar to
what you've shown. What PHP does for you is send an HTTP request to the
remote server, receive the response, and include the content just as if
you included a local file.
It is this request that PHP sends that needs to have the Authorization
header. To my knowledge, there is no way to add your own headers to this
request made on your behalf, although you could certainly hack PHP's
source to allow such a thing.
What you can do is write your own code to make a request. I'll give you a
quick example, but keep in mind that I'm just typing this out in an email,
and it is likely to contain bugs. :-)
--
$username = 'myuser';
$password = 'mypass';
$host = 'example.org';
$path = '/path/to/script.php';
$authorization = base64_encode("$username:$password);
$http_response = '';
$fp = fsockopen($host, 80);
fputs($fp, "GET $path HTTP/1.1\r\n");
fputs($fp, "Host: $host\r\n");
fputs($fp, "Authorization: $authorization\r\n");
fputs($fp, "Connection: close\r\n\r\n");
fputs($fp, $data);
while (!feof($fp))
{
$http_response .= fgets($fp, 128);
}
fclose($fp);
--
Your example cites a URL with the https scheme. To speak SSL, this example
will of course require some enhancements, but hopefully this answers your
question.
Chris
=
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication in include()
On Friday 03 September 2004 05:27, Matt Wondra wrote:
> I'm trying to include a file from an HTTP Authenticated server in PHP. I
> have a valid username and password. Is there any way to remotely login and
> include the file?
>
> Ex:
>
> include("https://www.url.com/incl1.php";); // Trying to include from
> password-protected site
include('https://user:[EMAIL PROTECTED]/incl1.php')
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
I am the wandering glitch -- catch me if you can.
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTTP Authentication take so long, why??OT
[snip] I am wondering why is the HTTP Authentication is taking so long to pop-up once the link/button is clicked. Like 2 minutes I'm using Apache and there is no PHP being used for HTTP Authentication stuffs as I thought it did. I thought one of you might know of this because of previous experience. The database is not hte issue here, the firewall is not the issue here and the webserver is at offsite. I think it is something with Apache or the SSL part.. This webpage is on the SSL part... [/snip] Maybe an Apache list would help you much more quickly. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] http authentication through PHP
Scott Taylor wrote: What is the easiest way to access a page that is protected by HTTP basic authentication through PHP? In other words, I have a PHP page that will get the username and password off a database and will then login through HTTP authentication to access a second page (say an HTML page). I believe Snoopy can do this http://snoopy.sourceforge.net -- Burhan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] http authentication through PHP
--- Scott Taylor <[EMAIL PROTECTED]> wrote: > What is the easiest way to access a page that is protected by HTTP > basic authentication through PHP? You should be able to indicate the username and password in the URL: http://username:[EMAIL PROTECTED]/path/to/script.php Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication thru PHP
Jay Blanchard wrote: Or colons. It is a Bad Practice[tm] to use any special characters in user names and/or passwords. It is not universally allowed from OS to OS I disagree with this : special characters are useful to have better passwords (more difficult to crack), but as apache stores the souples login:password_crypt, of course : is the only really forbidden character. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTTP Authentication thru PHP
[snip] I think I can remember semi-colon is not allowed in apache logins or passwords... >But the above is not working when the $username contains a trailing >semicolon >or when the $password is starting with a semicolon, >Ex: what if the $username ="chandu:" [/snip] Or colons. It is a Bad Practice[tm] to use any special characters in user names and/or passwords. It is not universally allowed from OS to OS -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication thru PHP
I think I can remember semi-colon is not allowed in apache logins or
passwords...
Chandu Nannapaneni wrote:
hello all ,
I'm able to get successfully http authenticated from my php scripts
Ex :
$header = "POST /myscript.php HTTP/1.0\r\nAuthorization: Basic ";
$header .= base64_encode("$username:$password")."\r\n";
$header .= "Content-type: application/x-www-form-urlencoded\r\n";
$fp = fsockopen($IP, $PORT, $errno, $errstr);
if ($fp) { fputs($fp, $header . $request); while (!feof($fp)) {
$response .= fgets($fp, 128); } }
But the above is not working when the $username contains a trailing
semicolon
or when the $password is starting with a semicolon,
Ex: what if the $username ="chandu:"
Is there any solution for this ?
/Chandu
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTTP Authentication thru PHP
Hi, > But the above is not working when the $username contains a trailing > semicolon > or when the $password is starting with a semicolon, > Ex: what if the $username ="chandu:" > > Is there any solution for this ? You could use str_replace to strip those before they get used. -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP authentication - de authentication
>From: "vic" <[EMAIL PROTECTED]> > Sent: Saturday, August 10, 2002 11:24 AM >Subject: [PHP] HTTP authentication - de authentication > How does one logout from such an authentication? There's no way to logout. Use a session based authentication. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTTP authentication
Hi,
Thanks for the explaination. But that code does not
pop up any login window. Do I need to do any settings
for that??
--- Matt Schroebel <[EMAIL PROTECTED]> wrote:
> > From: Varsha Agarwal
> [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 10, 2002 4:30 PM
>
> >I thought it will ask some user name and
> > password thing but it just displays me the string
> > "text to send if user hits cancel".
> > This is the code:
> >
> > > header("WWW-Authenticate: Basic realm=\"My
> Realm\"");
>
> ^^
> Get rid of the above statement
>
> >
> > if (!isset($_SERVER['PHP_AUTH_USER'])) {
> > header("WWW-Authenticate: Basic realm=\"My
> > Realm\"");
> > header("HTTP/1.0 401 Unauthorized");
> > echo "Text to send if user hits Cancel
> button\n";
> > exit;
> > } else {
> > echo "Hello
> {$_SERVER['PHP_AUTH_USER']}.";
> > echo "You entered {$_SERVER['PHP_AUTH_PW']}
> as
> > your password.";
> > }
> > ?>
>
> header("WWW-Authenticate: Basic realm=\"My
> Realm\"");
> header("HTTP/1.0 401 Unauthorized");
> ?>
>
> The above two statements will cause the browser to
> pop up the login window and pass any input
> (including none) back to the page. Any user input
> will be in the two $_SERVER vars. Typically you'd
> validate this with a db or something, and allow
> access if the user id and password validate. HTTP
> Auth in HTTP/1.0 isn't secure as the credentials are
> sent clear text to the server on every GET request,
> so on a page with images and such it's sent several
> times. Also, there's no way to sign out other then
> closing all of the browser windows. It's better to
> design a session based solution, with a login page,
> and set a session variable(s) indicating the
> authorized so the user id/password are only sent
> once, and you can control session timeout to require
> re-logging in after some interval of inactivity.
> You'd also have to consider session hijacking, which
> is covered in the archives.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
__
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] HTTP authentication
> From: Varsha Agarwal [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 10, 2002 4:30 PM
>I thought it will ask some user name and
> password thing but it just displays me the string
> "text to send if user hits cancel".
> This is the code:
>
> header("WWW-Authenticate: Basic realm=\"My Realm\"");
^^
Get rid of the above statement
>
> if (!isset($_SERVER['PHP_AUTH_USER'])) {
> header("WWW-Authenticate: Basic realm=\"My
> Realm\"");
> header("HTTP/1.0 401 Unauthorized");
> echo "Text to send if user hits Cancel button\n";
> exit;
> } else {
> echo "Hello {$_SERVER['PHP_AUTH_USER']}.";
> echo "You entered {$_SERVER['PHP_AUTH_PW']} as
> your password.";
> }
> ?>
The above two statements will cause the browser to pop up the login window and pass
any input (including none) back to the page. Any user input will be in the two
$_SERVER vars. Typically you'd validate this with a db or something, and allow access
if the user id and password validate. HTTP Auth in HTTP/1.0 isn't secure as the
credentials are sent clear text to the server on every GET request, so on a page with
images and such it's sent several times. Also, there's no way to sign out other then
closing all of the browser windows. It's better to design a session based solution,
with a login page, and set a session variable(s) indicating the authorized so the user
id/password are only sent once, and you can control session timeout to require
re-logging in after some interval of inactivity. You'd also have to consider session
hijacking, which is covered in the archives.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] HTTP Authentication
the HTTP authentication of using a form uses Sessions! Check out the following URL: http://www.devshed.com/Server_Side/PHP/Commerce2/ I followed the above URL to create a user authentication page using Sessions. Peter On Mon, 22 Oct 2001, [ISO-8859-1] Stig-Ørjan Smelror wrote: > Wilbert Enserink wrote: > > > Hi all, > > > > > > is it possible to do a HTTP Authentication with my own loginform instead of > > using the ugly pop up window? > > > > > > regards, > > > > Wilbert > > > > > With a lot of thought, yes. > You need to consider a few factors before you start. > > Security: Checking the IP address of the user. > Performance: to DB or not to DB, that is the question! > Security again: what kind of password algoritm are you going to use. > > And so on and so forth. > > I wish you the best of luck. I made such a script just a month ago :) > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication
Wilbert Enserink wrote: > Hi all, > > > is it possible to do a HTTP Authentication with my own loginform instead of > using the ugly pop up window? > > > regards, > > Wilbert > With a lot of thought, yes. You need to consider a few factors before you start. Security: Checking the IP address of the user. Performance: to DB or not to DB, that is the question! Security again: what kind of password algoritm are you going to use. And so on and so forth. I wish you the best of luck. I made such a script just a month ago :) -- Stig-Ørjan Smelror Systemutvikler Linux Communications AS Sandakerveien 48b Box 1801 - Vika N-0123 Oslo, Norway tel. +47 22 09 28 80 fax. +47 22 09 28 81 http://www.lincom.no/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication / Logging Out
how secure is either method? the form method would be more secure if it was done over https correct? tonyz Martín marqués wrote: > > On Lun 01 Oct 2001 19:36, you wrote: > > I used a pretty basic system to check HTTP authentication values against > > database values, but I can't seem to find a way to allow the user to log > > out. I tried: > > > > unset($PHP_AUTH_USER) > > > > but Internet Explorer hangs on to that value until all browser windows are > > closed. Is there any way around that? > > I (as lot of GPL projects) have droped HTTP authentification, and use there > own authentification. > Put a form with login and password, and save whatever you like in a session, > and thats it. > > Saludos... ;-) > > P.D.: Netscape also hangs with the variable PHP_AUTH_USER. > > -- > Porqué usar una base de datos relacional cualquiera, > si podés usar PostgreSQL? > - > Martín Marqués |[EMAIL PROTECTED] > Programador, Administrador, DBA | Centro de Telematica >Universidad Nacional > del Litoral > - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication / Logging Out
$PHP_AUTH_USER is filled in based on the value coming from the browser. unsetting it in PHP makes no sense as the browser is simply going to set it again on the next request. There is no way to clear this from the client-side short of changing the realm or denying the authentication with a 403. -Rasmus On Mon, 1 Oct 2001, Eric J Schwinder wrote: > I used a pretty basic system to check HTTP authentication values against > database values, but I can't seem to find a way to allow the user to log > out. I tried: > > unset($PHP_AUTH_USER) > > but Internet Explorer hangs on to that value until all browser windows are > closed. Is there any way around that? > > Thanks, > > Eric J Schwinder > eric.AT.bergencomputing.DOT.com > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] http authentication and php
On 23-Sep-2001 Jeff Bristow wrote:
> I am trying to write a php script that will work around a http
> authentication that I do have access to. I am trying to do this so that a
> form process in my control panel can automatically have information sent to
> it from a form that a user will fill out. However, my problem is in trying
> to get PHP to automatically authenticate.
>
>
> for example: I want to be able to call a url like this:
> http://server.com/greendocks/locked/useradd.htm?user=blah&pass=blahbut
> this url is behind a http authentication. Is it possible to have this url
> called by a php script?
>
> And the second part of the question is can I do this process so it is
> completely invisible to the user that this page has been called? Because of
> course I don't want to allow users to have access to everything in my
> control panel.
>
$host='server.com';
$url='/greendocks/locked/useradd.htm?user=blah&pass=blah';
$authuser='foo'; // blah ?
$authpass='baz'; // blah ?
$authenc=base64_encode("$authuser:$authpass");
$hdr =sprintf("GET %s HTTP/1.0\r\n", $url);
$hdr .="Accept: text/html\r\nAccept: text/plain\r\n";
$hdr .="User-Agent: Mozilla/1.0 (PHP spoof)\r\n";
$hdr .="Authorization: Basic $authenc\r\n\r\n";
$fp = fsockopen($host , 80, &$errno, &$errstr, 30);
if (!$fp) {
die "$host open error: $errstr $errno .\n";
}
fputs($fp,$hdr);
while(!feof($fp)) {
$buff=fgets($fp,1024);
... do yer thang
}
fclose($fp);
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] http authentication and php
Well the actual problem is that this file is behind a http authenticated
directory. I actually don't want the users to know the login and password
for it since it is the login for my control panel for my website. However, I
do want to be able to execute a url, this is to allow users to create their
own email addresses with pop access without requesting them from me all the
time.
I am just not sure if I can push the login and password for the
authentication window that would normally pop up, so the file is executed
behind the scenes, and the user would merely see a output of their username
and password and information on how to login to their account which would be
output as long as the file was able to be executed.
Any ideas?
"Evan Nemerson" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> if you just want to output the file to the user,
>
readfile("http://server.com/greendocks/locked/useradd.htm?user=blah&pass=bla
h");
> should work. If you want to play with the file first, file() will put it
in
> an array, fopen() will create a file pointer to it, you could create your
> very own HTTP session (if you know the protocol) with fsockopen()... i'm
sure
> there are more, but that's all you need (probably). I would probably use
this:
>
>
$file=implode("\n",file("http://server.com/greendocks/locked/useradd.htm?use
r=blah&pass=blah"));
>
> if i wanted to place the whole thing in one variable, not an array.
>
>
>
> On Saturday 22 September 2001 20:39, you wrote:
> > I am trying to write a php script that will work around a http
> > authentication that I do have access to. I am trying to do this so that
a
> > form process in my control panel can automatically have information sent
to
> > it from a form that a user will fill out. However, my problem is in
trying
> > to get PHP to automatically authenticate.
> >
> >
> > for example: I want to be able to call a url like this:
> > http://server.com/greendocks/locked/useradd.htm?user=blah&pass=blah
but
> > this url is behind a http authentication. Is it possible to have this
url
> > called by a php script?
> >
> > And the second part of the question is can I do this process so it is
> > completely invisible to the user that this page has been called? Because
of
> > course I don't want to allow users to have access to everything in my
> > control panel.
> >
> > Hopefully someone knows what I'm getting at. Thanks for any help you may
be
> > able to provide.
> >
> > Jeff
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] http authentication and php
if you just want to output the file to the user,
readfile("http://server.com/greendocks/locked/useradd.htm?user=blah&pass=blah";);
should work. If you want to play with the file first, file() will put it in
an array, fopen() will create a file pointer to it, you could create your
very own HTTP session (if you know the protocol) with fsockopen()... i'm sure
there are more, but that's all you need (probably). I would probably use this:
$file=implode("\n",file("http://server.com/greendocks/locked/useradd.htm?user=blah&pass=blah";));
if i wanted to place the whole thing in one variable, not an array.
On Saturday 22 September 2001 20:39, you wrote:
> I am trying to write a php script that will work around a http
> authentication that I do have access to. I am trying to do this so that a
> form process in my control panel can automatically have information sent to
> it from a form that a user will fill out. However, my problem is in trying
> to get PHP to automatically authenticate.
>
>
> for example: I want to be able to call a url like this:
> http://server.com/greendocks/locked/useradd.htm?user=blah&pass=blahbut
> this url is behind a http authentication. Is it possible to have this url
> called by a php script?
>
> And the second part of the question is can I do this process so it is
> completely invisible to the user that this page has been called? Because of
> course I don't want to allow users to have access to everything in my
> control panel.
>
> Hopefully someone knows what I'm getting at. Thanks for any help you may be
> able to provide.
>
> Jeff
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] HTTP authentication
Won't sending a 401 header do the trick? Not sure, but worth a try. Cheers Jon -Original Message- From: Boris [mailto:[EMAIL PROTECTED]] Sent: 31 August 2001 13:08 To: [EMAIL PROTECTED] Subject: [PHP] HTTP authentication Is there a way to force re-authentication without closing and re-opening the browser. Thanks Boris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] ** 'The information included in this Email is of a confidential nature and is intended only for the addressee. If you are not the intended addressee, any disclosure, copying or distribution by you is prohibited and may be unlawful. Disclosure to any party other than the addressee, whether inadvertent or otherwise is not intended to waive privilege or confidentiality' ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication with PHP
this seems to make my browsers not cache.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
then add
header("WWW-Authenticate: Basic realm='$SERVER_NAME' ");
header("HTTP/1.0 401 Unauthorized");
to pop up a login box.
--
Chris Lee
[EMAIL PROTECTED]
""Chris"" <[EMAIL PROTECTED]> wrote in message
9e06jc$jel$[EMAIL PROTECTED]">news:9e06jc$jel$[EMAIL PROTECTED]...
I have configured mod_auth_pam for Apache and secured a directory with an
.htaccess file:
AuthType Basic
AuthName "Secure Area"
require group staff
require user chris
Now, I would like to control the local browser window's authentication cache
via PHP. For example, how do I clear the cache of a browser window thereby
forcing the user to log back in? I have tried:
Header( "WWW-authenticate: basic realm="Secure Area");
Header( "HTTP/1.0 401 Unauthorized");
but this isn't clearing the cache.
Regards,
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication : logout!!!
On 08-May-01 Mauricio Souza Lima wrote:
>
> Cool, you have found another way!
> So the realm make diference? A user loged in a realm isn't the same in
> other realm? Very cool...
Not quite, the realm is a string to present to the login dialog box
it has no effect on the credentials in this example.
But you could code such a thing.
> Explain better your solution to us.
>
'Kay
>
>>
>> logoff.php3:
>>
>> $fname="tmp/$PHP_AUTH_USER";
>> touch($fname);
create a lockfile tmp/loginname
>> Header("Location: http://www.mydomain.com/index.html";);
& send them to a non-protected page.
>>
>> secure.php3:
>>
>> function checklogin($user,$pass='',$realm='') {
>>
here $realm is some unused glue for orthagonal function() calls
>> $fname="tmp/$user";
>> if (file_exists($fname)) {
check if tmp/loginname exists
>> unlink($fname); // delete it
>> return(false);
>> }
if we got this far, they either
1. didn't hit logoff
2. they did and already got the 401-(Re)Authenticate
>> $query="select login from users
>> where login='$user' and password=PASSWORD('$pass')";
>> // echo $query .'';
>> $result = mysql_query( $query);
>> $row = mysql_fetch_object($result);
>> if ($row) {
>> return(true);
>> }
>> return(false);
>> }
>>
Basically it's a spin-lock file that is checked on login ... could just as
easily be done as a shared semaphore, DB entry, whatever.
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication : logout!!!
Cool, you have found another way!
So the realm make diference? A user loged in a realm isn't the same in
other realm? Very cool...
Explain better your solution to us.
Regards,
Don Read wrote:
>
> On 07-May-01 Mauricio Souza Lima wrote:
>
> > And you have to inform the user to clean the password field, click ok,
> > then the pop-up will open again, then user click in cancel.
> >
> > I just know that way to do. If anyone know another way, Postit!
> >
>
> create a tmp directory
>
>
> logoff.php3:
>
> require('secure.php3');
> authuser("Logoff"); // validate user (possible Dos attack here)
>
> $fname="tmp/$PHP_AUTH_USER";
> touch($fname);
> Header("Location: http://www.mydomain.com/index.html";);
>
> -
>
> secure.php3:
>
> function checklogin($user,$pass='',$realm='') {
> if (! dbInit()) {
> echo "\n\n";
> die("Unable to contact database server");
> }
>
> $fname="tmp/$user";
> if (file_exists($fname)) {
> unlink($fname);
> return(false);
> }
> $query="select login from users
> where login='$user' and password=PASSWORD('$pass')";
> // echo $query .'';
> $result = mysql_query( $query);
> $row = mysql_fetch_object($result);
> if ($row) {
> return(true);
> }
> return(false);
> }
>
> function authheader($realm) {
> Header('WWW-authenticate: basic realm="'.$realm .'"');
> Header('HTTP/1.0 401 Unauthorized');
> echo "\n\n";
> }
>
> function authuser($realm='Access') {
> global $PHP_AUTH_USER, $PHP_AUTH_PW;
>
> if (! (isset($PHP_AUTH_USER)) ) {
> authheader($realm);
> exit;
> }
> if (! (checklogin($PHP_AUTH_USER, $PHP_AUTH_PW, $realm)) ) {
> authheader($realm);
> echo 'Failed Login';
> exit;
> }
> }
>
> Regards,
> --
> Don Read [EMAIL PROTECTED]
> -- It's always darkest before the dawn. So if you are going to
>steal the neighbor's newspaper, that's the time to do it.
--
Mauricio Souza Lima
Programador - Catho ONLINE
[EMAIL PROTECTED] www.catho.com.br
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication : logout!!!
On 07-May-01 Mauricio Souza Lima wrote:
> And you have to inform the user to clean the password field, click ok,
> then the pop-up will open again, then user click in cancel.
>
> I just know that way to do. If anyone know another way, Postit!
>
create a tmp directory
logoff.php3:
require('secure.php3');
authuser("Logoff"); // validate user (possible Dos attack here)
$fname="tmp/$PHP_AUTH_USER";
touch($fname);
Header("Location: http://www.mydomain.com/index.html";);
-
secure.php3:
function checklogin($user,$pass='',$realm='') {
if (! dbInit()) {
echo "\n\n";
die("Unable to contact database server");
}
$fname="tmp/$user";
if (file_exists($fname)) {
unlink($fname);
return(false);
}
$query="select login from users
where login='$user' and password=PASSWORD('$pass')";
// echo $query .'';
$result = mysql_query( $query);
$row = mysql_fetch_object($result);
if ($row) {
return(true);
}
return(false);
}
function authheader($realm) {
Header('WWW-authenticate: basic realm="'.$realm .'"');
Header('HTTP/1.0 401 Unauthorized');
echo "\n\n";
}
function authuser($realm='Access') {
global $PHP_AUTH_USER, $PHP_AUTH_PW;
if (! (isset($PHP_AUTH_USER)) ) {
authheader($realm);
exit;
}
if (! (checklogin($PHP_AUTH_USER, $PHP_AUTH_PW, $realm)) ) {
authheader($realm);
echo 'Failed Login';
exit;
}
}
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] HTTP authentication : logout!!!
I to have never been happy with the way PHP handles actual secure sessions. GameDesign was written to entirely use session based access. Both the main user site, and the admin backend use it, and it works quite well. - John Vanderbeck - Admin, GameDesign (http://gamedesign.incagold.com/) - GameDesign, the industry source for game design and development issues > -Original Message- > From: Robert Covell [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 07, 2001 9:14 AM > To: Martín Marqués; elias > Cc: [EMAIL PROTECTED] > Subject: RE: [PHP] HTTP authentication : logout!!! > > > I must support this fashion of "login" and "logout". I have > never been able > to find a way to clear the browser of the username and password. Once I > combined sessions with a date and timestamp in the realm, it worked like a > charm. > > Sincerely, > > Robert T. Covell > President / Owner > Rolet Internet Services, LLC > Web: www.rolet.com > Email: [EMAIL PROTECTED] > Phone: 816.210.7145 > Fax: 816.753.1952 > > -Original Message- > From: Martín Marqués [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 07, 2001 2:13 AM > To: elias > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] HTTP authentication : logout!!! > > > On Mar 08 May 2001 02:07, you wrote: > > Never tried it though...but can you try to empty or unset the > > $PHP_AUTH_USER/PWD ? > > This doesn't work, thats why I use a login html page and sessions. :-) > > Saludos... :-) > > -- > El mejor sistema operativo es aquel que te da de comer. > Cuida tu dieta. > - > Martin Marques |[EMAIL PROTECTED] > Programador, Administrador | Centro de Telematica >Universidad Nacional > del Litoral > - > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] HTTP authentication : logout!!!
I must support this fashion of "login" and "logout". I have never been able to find a way to clear the browser of the username and password. Once I combined sessions with a date and timestamp in the realm, it worked like a charm. Sincerely, Robert T. Covell President / Owner Rolet Internet Services, LLC Web: www.rolet.com Email: [EMAIL PROTECTED] Phone: 816.210.7145 Fax: 816.753.1952 -Original Message- From: Martín Marqués [mailto:[EMAIL PROTECTED]] Sent: Monday, May 07, 2001 2:13 AM To: elias Cc: [EMAIL PROTECTED] Subject: Re: [PHP] HTTP authentication : logout!!! On Mar 08 May 2001 02:07, you wrote: > Never tried it though...but can you try to empty or unset the > $PHP_AUTH_USER/PWD ? This doesn't work, thats why I use a login html page and sessions. :-) Saludos... :-) -- El mejor sistema operativo es aquel que te da de comer. Cuida tu dieta. - Martin Marques |[EMAIL PROTECTED] Programador, Administrador | Centro de Telematica Universidad Nacional del Litoral - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication : logout!!!
On Mar 08 May 2001 02:07, you wrote: > Never tried it though...but can you try to empty or unset the > $PHP_AUTH_USER/PWD ? This doesn't work, thats why I use a login html page and sessions. :-) Saludos... :-) -- El mejor sistema operativo es aquel que te da de comer. Cuida tu dieta. - Martin Marques |[EMAIL PROTECTED] Programador, Administrador | Centro de Telematica Universidad Nacional del Litoral - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] HTTP authentication : logout!!!
$PHP_AUTH_USER = ""; $PHP_AUTH_PW = ""; Ought to do it. > From: Thomas Edison Jr. [mailto:[EMAIL PROTECTED]] > Sent: Monday, May 07, 2001 8:39 AM > To: [EMAIL PROTECTED] > Subject: [PHP] HTTP authentication : logout!!! > Now i woul like to create a logout link after clicking > on which, whenever you click on a page using auth, the > auth box should pop-up again and you must feed in your > user/pass. What should this logout page contain? what > coding do i have to do?> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication : logout!!!
It dont work, what you have to do is that:
In the logout.php:
--
Logout Sucessful
--
And you have to inform the user to clean the password field, click ok,
then the pop-up will open again, then user click in cancel.
I just know that way to do. If anyone know another way, Postit!
elias wrote:
>
> Never tried it though...but can you try to empty or unset the
> $PHP_AUTH_USER/PWD ?
>
> -elias
> http://www.eassoft.cjb.net
>
> ""Thomas Edison Jr."" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > i'm using http authentication for my php pages
> > (members area). Once you login correctly, than you can
> > access anypage as the authentication box doesn't
> > pop-up.
> >
> > Now i woul like to create a logout link after clicking
> > on which, whenever you click on a page using auth, the
> > auth box should pop-up again and you must feed in your
> > user/pass. What should this logout page contain? what
> > coding do i have to do?
> > From what i understand, there is a $auth which is
> > "False" by default. When auth is succesfull, it
> > contains "True". And once it's true, the auth box
> > doesn't pop-up. I understand that probably clicking on
> > this "logout" link should again make $auth false. But
> > then $auth is on a lot of pages, how does this $auth
> > on logout.php3 make all the other $auth's false?
> >
> > or is there some other way?
> >
> > the code i'm using for auth is :
> >
> > ***
> > > $auth = false; // Assume user is not authenticated
> > if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
> >
> > mysql_connect('localhost','root') or die (
> > 'Unable to connect to server.' );
> > mysql_select_db( 'skynet' ) or die ( 'Unable
> > to select database.' );
> >
> > // Formulate the query
> >
> > $sql = "SELECT * FROM register WHERE
> > username = '$PHP_AUTH_USER' AND
> > password = '$PHP_AUTH_PW'";
> >
> > // Execute the query and put results in $result
> >
> > $result = mysql_query( $sql ) or die ( 'Unable to
> > execute query.' );
> >
> > // Get number of rows in $result.
> > $num = mysql_numrows( $result );
> > if ( $num != 0 ) {
> >
> > // A matching row was found - the user is
> > authenticated.
> >
> > $auth = true;
> > }
> > }
> >
> > if ( ! $auth ) {
> >
> > header( 'WWW-Authenticate: Basic realm="Private"'
> > );
> > header( 'HTTP/1.0 401 Unauthorized' );
> > echo 'Authorization Required.';
> > exit;
> >
> > } else {
> >
> > %%stuff 2 do%%
> >
> > }
> > ?>
> > ***
> >
> > Regards,
> > T. Edison jr.
> >
> >
> >
> > =
> > Rahul S. Johari (Director)
> > **
> > Abraxas Technologies Inc.
> > Homepage : http://www.abraxastech.com
> > Email : [EMAIL PROTECTED]
> > Tel : 91-4546512/4522124
> > ***
> >
> > __
> > Do You Yahoo!?
> > Yahoo! Auctions - buy the things you want at great prices
> > http://auctions.yahoo.com/
> >
--
Mauricio Souza Lima
Programador - Catho ONLINE
[EMAIL PROTECTED] www.catho.com.br
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication : logout!!!
Never tried it though...but can you try to empty or unset the
$PHP_AUTH_USER/PWD ?
-elias
http://www.eassoft.cjb.net
""Thomas Edison Jr."" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> i'm using http authentication for my php pages
> (members area). Once you login correctly, than you can
> access anypage as the authentication box doesn't
> pop-up.
>
> Now i woul like to create a logout link after clicking
> on which, whenever you click on a page using auth, the
> auth box should pop-up again and you must feed in your
> user/pass. What should this logout page contain? what
> coding do i have to do?
> From what i understand, there is a $auth which is
> "False" by default. When auth is succesfull, it
> contains "True". And once it's true, the auth box
> doesn't pop-up. I understand that probably clicking on
> this "logout" link should again make $auth false. But
> then $auth is on a lot of pages, how does this $auth
> on logout.php3 make all the other $auth's false?
>
> or is there some other way?
>
> the code i'm using for auth is :
>
> ***
> $auth = false; // Assume user is not authenticated
> if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
>
> mysql_connect('localhost','root') or die (
> 'Unable to connect to server.' );
> mysql_select_db( 'skynet' ) or die ( 'Unable
> to select database.' );
>
> // Formulate the query
>
> $sql = "SELECT * FROM register WHERE
> username = '$PHP_AUTH_USER' AND
> password = '$PHP_AUTH_PW'";
>
> // Execute the query and put results in $result
>
> $result = mysql_query( $sql ) or die ( 'Unable to
> execute query.' );
>
> // Get number of rows in $result.
> $num = mysql_numrows( $result );
> if ( $num != 0 ) {
>
> // A matching row was found - the user is
> authenticated.
>
> $auth = true;
> }
> }
>
> if ( ! $auth ) {
>
> header( 'WWW-Authenticate: Basic realm="Private"'
> );
> header( 'HTTP/1.0 401 Unauthorized' );
> echo 'Authorization Required.';
> exit;
>
> } else {
>
> %%stuff 2 do%%
>
> }
> ?>
> ***
>
> Regards,
> T. Edison jr.
>
>
>
> =
> Rahul S. Johari (Director)
> **
> Abraxas Technologies Inc.
> Homepage : http://www.abraxastech.com
> Email : [EMAIL PROTECTED]
> Tel : 91-4546512/4522124
> ***
>
> __
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] HTTP authentication for username & password
Superb tutorial on Zend: http://www.zend.com/zend/tut/authentication.php HTH Jon -Original Message- From: Thomas Edison Jr. [mailto:[EMAIL PROTECTED]] Sent: 26 April 2001 13:03 To: [EMAIL PROTECTED] Subject: [PHP] HTTP authentication for username & password How can I use the HTTP authentication which pops up that little box in the screen asking for username & password for giving access to a page in PHP? ** 'The information included in this Email is of a confidential nature and is intended only for the addressee. If you are not the intended addressee, any disclosure, copying or distribution by you is prohibited and may be unlawful. Disclosure to any party other than the addressee, whether inadvertent or otherwise is not intended to waive privilege or confidentiality' ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication
I'm sure this wont' help, but just in case you may have missed the obvious
(it happens sometimes)..Make sure you PHP script has the extension .PHP
.. The server won't recognize it as a PHP file otherwise, and it won't know
what to do with it. Also this extension has to be registred properly on the
server, but that is beyond me.
- John Vanderbeck
- Admin, GameDesign
- Original Message -
From: "Thomas Edison Jr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 15, 2001 2:07 AM
Subject: [PHP] HTTP authentication
> I was browsing thru the http authentication method
> given thru the header() function in the manual. I
> tried it out but it's not giving me the pop-up window
> asking me the username and password and is only
> writing the text given in the code on the page.
> I'm using win98 and otherwise use sun solaris. Does
> this function work on these two OS?
> I have to write a code that checks each time a user
> enters a page, his previously entered user/pwd so as
> to prevent anyone from entering the page if he knows
> and writes the page's URL in the address bar. I've
> used the same authentication method in ASP before for
> the same. Can I use it in my OS using PHP?
> The code I'm entering is:
>
> if(!isset($PHP_AUTH_USER)) {
> Header("WWW-Authenticate: Basic realm=\"My Realm\"");
> Header("HTTP/1.0 401 Unauthorized");
> echo "Text to send if user hits Cancel button\n";
> exit;
> } else {
> echo "Hello $PHP_AUTH_USER.";
> echo "You entered $PHP_AUTH_PW as your password.";
> }
> ?>
>
> Regards,
> T.Edison jr.
>
> =
> Rahul S. Johari (Director)
> **
> Abraxas Technologies Inc.
> Homepage : http://www.abraxastech.com
> Email : [EMAIL PROTECTED]
> Tel : 91-4546512/4522124
> ***
>
> __
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail - only $35
> a year! http://personal.mail.yahoo.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP authentication
On Wed, Feb 14, 2001 at 11:07:46PM -0800, Thomas Edison Jr. wrote:
> The code I'm entering is:
>
> if(!isset($PHP_AUTH_USER)) {
> Header("WWW-Authenticate: Basic realm=\"My Realm\"");
> Header("HTTP/1.0 401 Unauthorized");
> echo "Text to send if user hits Cancel button\n";
> exit;
> } else {
> echo "Hello $PHP_AUTH_USER.";
> echo "You entered $PHP_AUTH_PW as your password.";
> }
> ?>
I'm not sure what is wrong. I copied and pasted this onto my system and
it works just fine.
--
Jason Stechschulte
[EMAIL PROTECTED]
--
Soitainly. I was assuming that came with the OO-ness of it.
-- Larry Wall in <[EMAIL PROTECTED]>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication not getting unset
El Mié 14 Feb 2001 13:44, Chris Lee escribió: > Ive found the same thing and currently do not have a workaround, it seems > that browsers cache this. one method Ive thought of and never tested is to > set a session variable, cross reference that SessionID, PHP_AUTH_PW, > PHP_AUTH_USER are all valid, if not then your not loged in correctly. to > log out just unset SessionID. any future pages will not load. even if the > PW/USER are valid the Session wouldnt. Don't unset the session ID, just destroy the session with session_destroy(). > If the browser has cookies disabled, you have compiled php with > --trans-sid, and the user uses the back button the user would still be able > to view cached pages. you might want to put some fancy no-cache headers in > there somewhere and hope the browser supports them. This feature is pretty cool. If it can't but a cookie in the browser, it expands the URL with the SID, which is all you need, because the variables you register are on the server side (file, database). Saludos... :-) -- System Administration: It's a dirty job, but someone told I had to do it. - Martín Marqués email: [EMAIL PROTECTED] Santa Fe - Argentinahttp://math.unl.edu.ar/~martin/ Administrador de sistemas en math.unl.edu.ar - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication not getting unset
El Mié 14 Feb 2001 13:04, Toby Miller escribió: > Sorry, I meant common header, not footer. > > Inside my common "header" on my site .. > (which also includes the same "header") ... Don't worry, I understood it. ;-) -- System Administration: It's a dirty job, but someone told I had to do it. - Martín Marqués email: [EMAIL PROTECTED] Santa Fe - Argentinahttp://math.unl.edu.ar/~martin/ Administrador de sistemas en math.unl.edu.ar - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication not getting unset
El Mié 14 Feb 2001 12:37, Toby Miller escribió: > Hey all, Hi, This is far to long, so I'll strip a part of it. > Now if I try to read the $PHP_AUTH_USER or $PHP_AUTH_PW variables anyplace > on the site they don't exist, until I go back to one of the protected > pages. Then they miraculously re-appear and are readily available once > again without requiring the user to log back in. Yes, thats because the browser saves those variables (very bad idea, but what can I say... I didn't write the code of netscape or IE). At this moment I just finished coding a session login, logout hack. So I will suggest you to read about sessions, read some articles in phpbuilder, phpwizard and the documentation. Saludos... :-) -- System Administration: It's a dirty job, but someone told I had to do it. - Martín Marqués email: [EMAIL PROTECTED] Santa Fe - Argentinahttp://math.unl.edu.ar/~martin/ Administrador de sistemas en math.unl.edu.ar - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication not getting unset
Chris, I was afraid of that. I do have a contingency plan that is very similar to what you suggested. Since this is all already interacting with the database I'm just going to set a timestamp in the database in that users record and use that to determine if someone is logged in or not. This would also give me the added benefit of expiring sessions after a set period of inactivity. Then the login will require that PHP_AUTH_USER, PHP_AUTH_PW, and the session timestamp are all valid. This should take care of the problem. Unfortunately, the back button will still allow users to see cached pages from logged in sessions, but I guess you can't have everything. :-) Thanks, Toby - Original Message - From: "Chris Lee" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 14, 2001 11:44 AM Subject: Re: [PHP] HTTP Authentication not getting unset > Ive found the same thing and currently do not have a workaround, it seems > that browsers cache this. one method Ive thought of and never tested is to > set a session variable, cross reference that SessionID, PHP_AUTH_PW, > PHP_AUTH_USER are all valid, if not then your not loged in correctly. to log > out just unset SessionID. any future pages will not load. even if the > PW/USER are valid the Session wouldnt. > > If the browser has cookies disabled, you have compiled php with --trans-sid, > and the user uses the back button the user would still be able to view > cached pages. you might want to put some fancy no-cache headers in there > somewhere and hope the browser supports them. > > you might even want to impliment a time based system, set the SessionID = > time() on every header; but first check if the current SessionID < 30min old > then invalid login vs updateing SessionID to equal current time() > > This would prevent anyone from viewing cached pages more then 30min old and > force them to re-login > > -- > > > Chris Lee > Mediawaveonline.com > > em. [EMAIL PROTECTED] > > ph. 250.377.1095 > ph. 250.376.2690 > fx. 250.554.1120 > > > > > > ""Toby Miller"" <[EMAIL PROTECTED]> wrote in message > 006901c0969f$cfcf2700$[EMAIL PROTECTED]">news:006901c0969f$cfcf2700$[EMAIL PROTECTED]... > > Sorry, I meant common header, not footer. > > > > Inside my common "header" on my site .. > > (which also includes the same "header") ... > > > > - Original Message - > > From: "Toby Miller" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, February 14, 2001 10:37 AM > > Subject: [PHP] HTTP Authentication not getting unset > > > > > > Hey all, > > > > New problem. I really hope there's something simple to do to fix it. Check > > out this scenario and tell me if there's a step that I'm missing. > > > > Inside my common footer on my site the very first call is to an include > > called UserAuth.inc.php. > > > > UserAuth.inc.php checks $REQUEST_URI to see if the present directory or > URL > > is protected or not. > > > > If it is protected then it checks to see if $PHP_AUTH_USER is set. If it > is > > then it runs through the usual HTTP Authentication. If it fails it goes to > a > > failure page, if it succeeds then it logs the user in. > > > > Now I can surf around on the site and that same authentication will > continue > > to be used for the rest of the site where ever another protected directory > > or file is found (as to be expected). > > > > Now to logout I have a page called logout.php. If you go to this page > (which > > also includes the same footer) there is another action that takes place. > > > > If the $REQUEST_URI contains logout.php then I print the same "401" header > > that I print for authentication and unset $PHP_AUTH_USER, $PHP_AUTH_PW and > > $AUTH_USER. $AUTH_USER is the user authentication object in my class file > > UserAuth.class.php. I'm just unsetting this so that no code will still > have > > record of the old authentication object to do anything with. > > > > Now if I try to read the $PHP_AUTH_USER or $PHP_AUTH_PW variables anyplace > > on the site they don't exist, until I go back to one of the protected > pages. > > Then they miraculously re-appear and are readily available once again > > without requiring the user to log back in. > > > > If you've got any ideas, suggestions, guesses or references, please reply. > > I've run out of ideas. I can also provide the code that I'm using if you > > thin
Re: [PHP] HTTP Authentication not getting unset
Ive found the same thing and currently do not have a workaround, it seems that browsers cache this. one method Ive thought of and never tested is to set a session variable, cross reference that SessionID, PHP_AUTH_PW, PHP_AUTH_USER are all valid, if not then your not loged in correctly. to log out just unset SessionID. any future pages will not load. even if the PW/USER are valid the Session wouldnt. If the browser has cookies disabled, you have compiled php with --trans-sid, and the user uses the back button the user would still be able to view cached pages. you might want to put some fancy no-cache headers in there somewhere and hope the browser supports them. you might even want to impliment a time based system, set the SessionID = time() on every header; but first check if the current SessionID < 30min old then invalid login vs updateing SessionID to equal current time() This would prevent anyone from viewing cached pages more then 30min old and force them to re-login -- Chris Lee Mediawaveonline.com em. [EMAIL PROTECTED] ph. 250.377.1095 ph. 250.376.2690 fx. 250.554.1120 ""Toby Miller"" <[EMAIL PROTECTED]> wrote in message 006901c0969f$cfcf2700$[EMAIL PROTECTED]">news:006901c0969f$cfcf2700$[EMAIL PROTECTED]... > Sorry, I meant common header, not footer. > > Inside my common "header" on my site .. > (which also includes the same "header") ... > > - Original Message - > From: "Toby Miller" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, February 14, 2001 10:37 AM > Subject: [PHP] HTTP Authentication not getting unset > > > Hey all, > > New problem. I really hope there's something simple to do to fix it. Check > out this scenario and tell me if there's a step that I'm missing. > > Inside my common footer on my site the very first call is to an include > called UserAuth.inc.php. > > UserAuth.inc.php checks $REQUEST_URI to see if the present directory or URL > is protected or not. > > If it is protected then it checks to see if $PHP_AUTH_USER is set. If it is > then it runs through the usual HTTP Authentication. If it fails it goes to a > failure page, if it succeeds then it logs the user in. > > Now I can surf around on the site and that same authentication will continue > to be used for the rest of the site where ever another protected directory > or file is found (as to be expected). > > Now to logout I have a page called logout.php. If you go to this page (which > also includes the same footer) there is another action that takes place. > > If the $REQUEST_URI contains logout.php then I print the same "401" header > that I print for authentication and unset $PHP_AUTH_USER, $PHP_AUTH_PW and > $AUTH_USER. $AUTH_USER is the user authentication object in my class file > UserAuth.class.php. I'm just unsetting this so that no code will still have > record of the old authentication object to do anything with. > > Now if I try to read the $PHP_AUTH_USER or $PHP_AUTH_PW variables anyplace > on the site they don't exist, until I go back to one of the protected pages. > Then they miraculously re-appear and are readily available once again > without requiring the user to log back in. > > If you've got any ideas, suggestions, guesses or references, please reply. > I've run out of ideas. I can also provide the code that I'm using if you > think it might just be a problem with my logic. I don't think this is the > case as I shouldn't be able to read any variable that has been unset, but > like I said, I'm running out of ideas. > > System: RedHat 6.1-6 i686 Kernel 2.2.13 > Server: Apache 1.3.12 > PHP: 4.0.3pl1 > > Thanks, > Toby > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication not getting unset
Sorry, I meant common header, not footer. Inside my common "header" on my site .. (which also includes the same "header") ... - Original Message - From: "Toby Miller" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 14, 2001 10:37 AM Subject: [PHP] HTTP Authentication not getting unset Hey all, New problem. I really hope there's something simple to do to fix it. Check out this scenario and tell me if there's a step that I'm missing. Inside my common footer on my site the very first call is to an include called UserAuth.inc.php. UserAuth.inc.php checks $REQUEST_URI to see if the present directory or URL is protected or not. If it is protected then it checks to see if $PHP_AUTH_USER is set. If it is then it runs through the usual HTTP Authentication. If it fails it goes to a failure page, if it succeeds then it logs the user in. Now I can surf around on the site and that same authentication will continue to be used for the rest of the site where ever another protected directory or file is found (as to be expected). Now to logout I have a page called logout.php. If you go to this page (which also includes the same footer) there is another action that takes place. If the $REQUEST_URI contains logout.php then I print the same "401" header that I print for authentication and unset $PHP_AUTH_USER, $PHP_AUTH_PW and $AUTH_USER. $AUTH_USER is the user authentication object in my class file UserAuth.class.php. I'm just unsetting this so that no code will still have record of the old authentication object to do anything with. Now if I try to read the $PHP_AUTH_USER or $PHP_AUTH_PW variables anyplace on the site they don't exist, until I go back to one of the protected pages. Then they miraculously re-appear and are readily available once again without requiring the user to log back in. If you've got any ideas, suggestions, guesses or references, please reply. I've run out of ideas. I can also provide the code that I'm using if you think it might just be a problem with my logic. I don't think this is the case as I shouldn't be able to read any variable that has been unset, but like I said, I'm running out of ideas. System: RedHat 6.1-6 i686 Kernel 2.2.13 Server: Apache 1.3.12 PHP: 4.0.3pl1 Thanks, Toby -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication w/IIS
>OK, I loaded PHP with the ISAPI filter, but still no luck with authentication.. Did you reboot? It is Windows... I think will tell you if you are actually using ISAPI or CGI or not... Maybe. -- Visit the Zend Store at http://www.zend.com/store/ Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm Volunteer a little time: http://chatmusic.com/volunteer.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication - Message 2
Dear Shane,
Thanks for response.
But when I use PHP3 and Apache than all is good.
And when I use PHP4 (!!!) and Apache than Apache don't understanding header
('HTTP/1.0 401 Unauthorized'), and Apache's "error.log" consist of "Bad
header=HTTP/1.0 401 Unauthorized: d:/program files/php/php.exe".
Do you know what is the matter?
Thanks in advance.
Nick.
- Original Message -
From: Shane McBride <[EMAIL PROTECTED]>
To: Nick Kostirya <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, February 07, 2001 7:06 PM
Subject: Re: [PHP] HTTP Authentication
> Nick,
>
> I'm not sure were you are getting the value of $PHP_AUTH_USER from, so you
> might want to try this snippet. This causes a dialog box to open and ask
for
> a username/password.
>
> Also, in your code: you do not need to escape the quotes in the header.
>
> // Check to see if $PHP_AUTH_USER already contains info
> if (!isset($PHP_AUTH_USER)) {
> // If empty, send header causing dialog box to appear
> header('WWW-Authenticate: Basic realm="Whatever You want to say"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Authorization Required!';
> exit;
> } else if (isset($PHP_AUTH_USER)) {
> if (($PHP_AUTH_USER !="abc") || ($PHP_AUTH_PW !="123")) {
>header('WWW-Authenticate: Basic realm="Whatever You want to say"');
>header('HTTP/1.0 401 Unauthorized');
>echo 'Authorization Required!';
>exit;
> } else {
>// Start echo statement
>echo "hello";
> }
> }
> ?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] HTTP Authentication
Nick,
I'm not sure were you are getting the value of $PHP_AUTH_USER from, so you
might want to try this snippet. This causes a dialog box to open and ask for
a username/password.
Also, in your code: you do not need to escape the quotes in the header.
- Original Message -
From: "Nick Kostirya" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 07, 2001 10:27 AM
Subject: [PHP] HTTP Authentication
> Hi, all.
> HTTP Authentication in PHP 4 - Apache don't work!!!
> Help me.
> Best.
> __
>if(!isset($PHP_AUTH_USER)) {
> Header("WWW-Authenticate: Basic realm=\"My Realm\"");
> Header("HTTP/1.0 401 Unauthorized");
> echo "Text to send if user hits Cancel button\n";
> exit;
> } else {
> echo "Hello $PHP_AUTH_USER.";
> echo "You entered $PHP_AUTH_PW as your password.";
> }
> ?>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
