"Justin Patrin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Jas wrote:
>
> > Combination of session vars and cookie vars...
> > example...
> > [login page]
> > sets cookie with auth=0 (variable)
> > sets session with auth=0 (variable)
> >
> > [logged in page(s)]
> > sets cookie with auth=1 (variable -client side)
> > sets session with auth=1 (variable -server side)
> > hash of users password as client side var
> >
> > then just write a function to look on the users machine for a cookie
> > from your site with auth=1, then if you see that present simply
> > authenticate the user.
> >
> > HTH
> > Jas
> >
> >
> > Evan Nemerson wrote:
> >
> >> On Thursday 11 December 2003 04:17 pm, ROBERT MCPEAK wrote:
> >>
> >>> I've dug around quite a bit and can't figure out how I might use PHP
to
> >>> handle an .htaccess login. For example, if I wanted a script to log
> >>> in the
> >>> user, rather than the user logging in with the standard .htaccess
> >>> dialog.
> >>>
> >>> Any ideas?
> >>
> >>
> >>
> >> I could be wrong, but I think this would be rather client-dependent. I
> >> don't think HTTP remembers who you throughout a session- i think the
> >> headers get sent every time. My only idea from PHP would be to set the
> >> $_SERVER['PHP_AUTH_*'] stuff, but i sincerely doubt that would do
> >> anything. I just don't think there's a way to ask the browser to set
> >> that info through http. Maybe ask @ javascript forum?
> >>
> >> If you find a solution, I'd love to hear it...
> >>
> >>
> >>> Since the .htaccess vars are stored in the browser, should I be
> >>> looking at
> >>> a PHP/JavaScritpt 1-2 punch?
> >>>
> >>> Thanks,
> >>>
> >>> Bob
> >>
> >>
> >>
>
> You could also use the PEAR::Auth package to do authentication (through
> a form or a .htaccess style popup).
>
> --
> paperCrane <Justin Patrin>
Hi Robert
I understood that you would like to do a login doing the HTTP AUTH method.
Here are some scripts:
Script 1: login:
<?php
//if the username field or the password field has not been filled out,
//then send at WWW-Authenticate header followed by a aunauthorized one
if(!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_PW']){
header("WWW-Authenticate: Basic realm=\"Leksjon 11\"");
header("HTTP/1.0 401 Unauthorized");
exit;
//else check if the pass/user is right
}else{
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
if($user == 'test' && $pass == 'test'){
echo "You were logged inn!<br><br><a href=\"go_on.php\">To next file</a>";
}else{
//if incorrect, resend headers
header("WWW-Authenticate: Basic realm=\"Leksjon 11\"");
header("HTTP/1.0 401 Unauthorized");
exit;
}
}
?>
Script 2: go_on.php :
<?php
//check the user/pass, if not correct, redirect
if($_SERVER['PHP_AUTH_USER'] == 'test' && $_SERVER['PHP_AUTH_PW'] ==
'test'){
echo "You're logged inn!!!";
}else{
header("Location: login.php");
exit;
}
?>
I had not anymore time to write more comments, but i hope it was helpfull.
Eric
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
