I had a question about the use of the HTTP header 'WWW-Authenticate'
in PHP scripts. For example, the script below sends the header
'WWW-Authenticate: Basic Realm="Secret Stash"', followed by the header
'HTTP/1.0 401 unauthorized', to force the web browser to display a
username/password dialog. The script then calls exit().

I don't understand how the script gets re-invoked (after the username
and password have been supplied in the dialog box and user has clicked
OK) because the script called exit() after issuing the two header()
calls.

I understand that once the username and password have been supplied
that $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are set.
But how does the server know to re-invoke the same script a second
time? After all the script just did an exit() after sending the
headers.

<?php
// Preset authentication status to false.
$authorized = FALSE;
if (isset($_SERVER['PHP_AUTH_USER']) &&
    isset($_SERVER['PHP_AUTH_PW'])) {
    // Read the authentication file into an array
    $authFile = file("./authenticationFile.txt");
    // Cycle through each line in file, searching for authentication match.
    foreach ($authFile as $login) {
        // Each line is "username:md5-of-password"; split on the first colon only
        list($username, $password) = explode(":", $login, 2);
        // Remove the newline from the password
        $password = trim($password);
        // Strict, constant-time comparison: loose == can treat two
        // different "0e..." digests as equal numbers.
        if ($username === $_SERVER['PHP_AUTH_USER'] &&
            hash_equals($password, md5($_SERVER['PHP_AUTH_PW']))) {
            $authorized = TRUE;
            break;
        }
    }
}
// If not authorized, display authentication prompt or 401 error
if (! $authorized) {
    header('WWW-Authenticate: Basic Realm="Secret Stash"');
    header('HTTP/1.0 401 Unauthorized');
    print('You must provide the proper credentials! Buster!!!');
    exit;
}
// restricted material goes here...
?>

ku***@pobox.com wrote:
> I had a question about the use of the HTTP header 'WWW-Authenticate'
> in PHP scripts. For example, the script below sends the header
> 'WWW-Authenticate: Basic Realm="Secret Stash"', followed by the header
> 'HTTP/1.0 401 unauthorized', to force the web browser to display a
> username/password dialog. The script then calls exit().
> I don't understand how the script gets re-invoked (after the username
> and password have been supplied in the dialog box and user has clicked
> OK) because the script called exit() after issuing the two header()
> calls.
<snipped example>
Your script first checks if a username and a password are given and
exits only if that is not the case, sending a request header for
authentication.
The client asks for the page (without the password and username being
sent), gets the request header and then displays a login dialog.
When the user has filled in the username and password, the page is
requested again, but now with credentials. So the browser just requests
the same page again with different headers.
Best regards,
--
Willem Bogaerts
Application smith
Kratz B.V. http://www.kratz.nl/
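
The exchange described in the reply above, as an added example that is not part of the original thread: a stateless server function and a browser-like client that repeats the same request with an Authorization header after a 401. The names handleRequest, browserFetch and credentialStore, the user "alice" and its password are constructed for illustration, and password_hash()/password_verify() are swapped in for the MD5 file used in the original script.

```php
<?php
// Added illustration: the server keeps no state between the two requests.
const REALM = 'Secret Stash';

// Constructed credential store (assumption): user => password_hash() output.
function credentialStore(): array {
    return ['alice' => password_hash('s3cret', PASSWORD_DEFAULT)];
}

// Server side: one independent invocation per request.
// Returns [status, response headers, body].
function handleRequest(array $requestHeaders): array {
    $users = credentialStore();
    $auth = $requestHeaders['Authorization'] ?? '';
    if (preg_match('/^Basic\s+(\S+)$/i', $auth, $m)) {
        // base64 is an encoding, not encryption: use TLS on the wire.
        $decoded = base64_decode($m[1], true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            // PHP exposes these two halves as PHP_AUTH_USER / PHP_AUTH_PW.
            [$user, $pass] = explode(':', $decoded, 2);
            if (isset($users[$user]) && password_verify($pass, $users[$user])) {
                return [200, [], "restricted material for $user"];
            }
        }
    }
    // No or bad credentials: challenge and stop, like exit() in the script.
    return [401, ['WWW-Authenticate' => 'Basic realm="' . REALM . '"'], 'Unauthorized'];
}

// Client side: what the browser does with the challenge.
function browserFetch(string $user, string $pass): array {
    $statuses = [];
    $resp = handleRequest([]);              // request 1: no credentials
    $statuses[] = $resp[0];
    if ($resp[0] === 401 && isset($resp[1]['WWW-Authenticate'])) {
        // Dialog shown, user clicks OK, browser repeats the same request
        // with the credentials attached.
        $headers = ['Authorization' => 'Basic ' . base64_encode("$user:$pass")];
        $resp = handleRequest($headers);    // request 2: same URL, new header
        $statuses[] = $resp[0];
    }
    return $statuses;
}

print implode(' -> ', browserFetch('alice', 's3cret')) . PHP_EOL;
print implode(' -> ', browserFetch('alice', 'wrong')) . PHP_EOL;
```
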
> When the user has filled in the username and password, the page is
> requested again, but now with credentials. So the browser just requests
> the same page again with different headers.

Thanks Willem for the reply. While I did understand the logic of the
script, what I wasn't familiar with was the fact that the http server
remembers the script that issued the
header('WWW-Authenticate: Basic Realm="Secret Stash"');
header('HTTP/1.0 401 Unauthorized');
and re-invokes. So it is the http server that "remembers" and then
re-invokes the same script that issued the 'WWW-Authenticate'.

In our last episode,
<20**********************************@d1g2000hsg.googlegroups.com>,
the lovely and talented ku***@pobox.com
broadcast on comp.lang.php:
>> When the user has filled in the username and password, the page is
>> requested again, but now with credentials. So the browser just requests
>> the same page again with different headers.
> Thanks Willem for the reply. While I did understand the logic of the
> script, what I wasn't familiar with was the fact that the http server
> remembers the script that issued the
> header('WWW-Authenticate: Basic Realm="Secret Stash"');
> header('HTTP/1.0 401 Unauthorized');
> and re-invokes. So it is the http server that "remembers" and then
> re-invokes the same script that issued the 'WWW-Authenticate'.
Errr...no. It's the browser. Try reading the response again.
--
Lars Eighner <http://larseighner.com/> us****@larseighner.com
I have not seen as far as others because giants were standing on my shoulders.