<?php
function auth_user() {
exec(">xxxx");
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("HTTP/1.0 401 Unauthorized");
}
// Header("WWW-Authenticate: Basic realm=\"My Realm\"");
if (!isset($PHP_AUTH_USER)) {
// echo "USER: $PHP_AUTH_USER";
auth_user();
} else
echo "else";
?>
Most likely I just don't understand how headers work. But let me explain the
problem I am having.
1. Close all instances of your browser (I am using IE-5.01 and I have not
tried any other browsers). However I don't believe it is a browser issue.
2. Run the script shown above.
3. Enter some user ID and password... Everything so far works fine.
4. Look in the directory where the script is stored. There should be a file
called xxxx. This indicates that auth_user has run.
5. Remove the file xxxx.
6. Refresh the browser. Look for the file xxxx. Notice that xxxx is present
which indicates that the auth_user function was executed; which should only
happen if $PHP_AUTH_USER is NOT set....YET "else" was printed on screen
which indicates that $PHP_AUTH_USER IS set.
7. Uncomment the commented "header" line and notice that a user ID and
password prompt is always issued in this case.
My questions are:
1. Why are both sides of the conditional "If (!isset($PHP_AUTH_USER))" being
executed?
2. Why, when auth_user is being executed on subsequent refreshes, no prompt
for a new user ID and password is issued?
3. Why, if a authenticate header is sent before testing, a user ID and
password prompt is issued?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
