Oops!!!

I didn't read your question fully.

I think you CAN do what you want, if you can get some kind of cookie
and/or session variable to work to record when the user got to your page.

You leave your logic as is, except that when you get a valid
user you check to see if they have been on the page before via
a cookie and/or session variable.  If they haven't, you just go 
on as normal.  If they have been to your page you FIRST reset the 
cookie/session variable to say they haven't been to the page
and THEN issue your header AS IF THEY HAD THE INCORRECT USERNAME/
PASSWORD.  This will force the browser to reprompt for username/password
and when they come back to your page, you'll treat them as if they've
never been there and let them through.

e.g. using cookies (I don't use sessions so I might get the syntax wrong),

if ( (! $auth) or $reprompt == 'Yes' )
{
    // Cancel the reprompt (setcookie() with no value deletes the cookie)
    setcookie( "reprompt" );
    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;

} else {
    // Mark them ready to be reprompted next time
    setcookie( "reprompt", "Yes" );
    session_start();
}


Sorry,

George 


George Whiffen wrote:
> 
> Jeremy,
> 
> I don't think it's possible to do what you want, and I have tried finding
> a way.
> 
> With your "header" you are requesting an http authentication which means
> the browser has to store the username and password and send them with EVERY page.
> Those are the rules.
> 
> The only way to tell the browser to lose the username/password that I've found is to
> tell it that they're incorrect (even though they are correct).  But if you do
> that it will go and ask the user to type them in again another three times
> before it gives up and drops them.
> 
> You'll find that most of your users will probably keep the username/password
> even after closing the browser and switching their computer off, which I guess
> is even worse as far as you're concerned.
> 
> I hope I'm wrong but if you really must get them to enter username/password
> every time, I think you'll have to create your own login box and forget
> about http authentication.
> 
> It might be worth posting your question to an apache newsgroup as well.  Even
> if you're not using Apache, you should find those guys know just about everything
> there is to know about http authentication.
> 
> Good Luck and I hope I'm wrong!
> 
> George
> 
> Jeremy Morano wrote:
> >
> > Hi everyone...
> > I'm having a little problem. The code below pops up a password dialog box
> > where the user types in a username and a password to be able to proceed.
> > However, if the user does not close the browser and goes back to the link,
> > which then pops up the dialog box again and they don't have to type in their
> > username and password again. They are remembered. I would like it so that
> > the user has to type in their username and password any and every time that
> > the dialog box is called on. Does anyone know how to do this?  I tried to
> > clear the contents of PHP_AUTH_USER and PHP_AUTH_PW at the top of the page
> > but that just messed things up. Can someone please help me?
> >
> > <?
> > session_start();
> > session_register("PHP_AUTH_USER");
> >
> > // Start unauthenticated so $auth cannot arrive from the request
> > $auth = false;
> >
> > if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW))
> > {
> >     // Connect to MySQL
> >
> >     mysql_connect( 'l', 'c', 'c' )
> >         or die ( 'Unable to connect to server.' );
> >
> >     // Select database on MySQL server
> >
> >     mysql_select_db( 'contact' )
> >         or die ( 'Unable to select database.' );
> >
> >     // Escape the credentials before they go into the SQL string
> >
> >     $user = mysql_real_escape_string( $PHP_AUTH_USER );
> >     $pw   = mysql_real_escape_string( $PHP_AUTH_PW );
> >
> >     // Formulate the query
> >
> >     $sql = "SELECT * FROM users WHERE
> >             username = '$user' AND
> >             password = '$pw'";
> >
> >     // Execute the query and put results in $result
> >
> >     $result = mysql_query( $sql )
> >         or die ( 'Unable to execute query.' );
> >
> >     // Get number of rows in $result.
> >
> >     $num = mysql_numrows( $result );
> >
> >     if ( $num != 0 )
> >     {
> >         // A matching row was found - the user is authenticated.
> >
> >         $auth = true;
> >
> >     }
> >
> > }
> >
> > if ( ! $auth )
> > {
> >     header( 'WWW-Authenticate: Basic realm="Private"' );
> >     header( 'HTTP/1.0 401 Unauthorized' );
> >     echo 'Authorization Required.';
> >     exit;
> >
> > } else
> > {
> >     session_start();
> >
> > }
> >
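
The exchange George describes at the top of this message, simulated from both sides as an added example (not part of the original thread): `handle` is the server-side check, `Browser` is a hypothetical minimal client that caches Basic credentials, and the account in `USERS` is constructed. The `accept_cookies=False` case shows that a client which drops the cookie is never re-prompted, so the trick shapes browser behaviour and is not an enforcement mechanism.

```python
import base64

USERS = {"jeremy": "s3cret"}  # constructed sample account, not from the thread


def handle(headers, cookies):
    """Server side of the trick. Returns (status, set_cookie): set_cookie is
    "Yes" to set the 'reprompt' cookie or "" to delete it."""
    auth = False
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme == "Basic":
        user, _, pw = base64.b64decode(blob).decode().partition(":")
        auth = USERS.get(user) == pw
    if not auth or cookies.get("reprompt") == "Yes":
        return 401, ""   # cancel the reprompt and challenge again
    return 200, "Yes"    # let them in, mark them for a reprompt next time


class Browser:
    """Minimal client that caches Basic credentials for the realm (assumption)."""

    def __init__(self, user, pw, accept_cookies=True):
        self.typed = (user, pw)          # what the user types at every prompt
        self.accept_cookies = accept_cookies
        self.cached, self.cookies, self.prompts = None, {}, 0

    def visit(self, max_tries=3):
        """Request the page, prompting after each 401; returns the statuses seen."""
        statuses = []
        for _ in range(max_tries):
            headers = {}
            if self.cached:
                token = base64.b64encode(":".join(self.cached).encode()).decode()
                headers["Authorization"] = "Basic " + token
            status, set_cookie = handle(headers, self.cookies)
            statuses.append(status)
            if self.accept_cookies:
                if set_cookie:
                    self.cookies["reprompt"] = set_cookie
                else:
                    self.cookies.pop("reprompt", None)
            if status == 200:
                break
            self.prompts += 1            # 401: dialog box, user types again
            self.cached = self.typed
        return statuses
```
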


-- 
PHP General Mailing List (http://www.php.net/)