Closed Thread Icon

Topic awaiting preservation: HTTP authentication and cookies in PHP (Page 1 of 1) Pages that link to <a href="" title="Pages that link to Topic awaiting preservation: HTTP authentication and cookies in PHP (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: HTTP authentication and cookies in PHP <span class="small">(Page 1 of 1)</span>\

Paranoid (IV) Inmate

Insane since: Apr 2000

posted posted 09-20-2002 01:40

Okay - I'm thinking about doing something and I could use some advice. I'd like to do some minor HTTP authentication in PHP, and then use a cookie to "stay" authenticated.

So my working theory is this:

Check for the cookie. If it doesn't exist, prompt for the credentials using
header('WWW-Authenticate: Basic realm="Secure Media Area"');
header('HTTP/1.0 401 Unauthorized');
echo "Authorization Required.\n";

If it passes that, write the cookie and carry on.

Does this make sense, and if so, is it a good way to go?

Anyone got a working script I could look at?

Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 09-20-2002 02:06

got a couple.

First I found this once on zend

It's not the same sort of authentication that is used in your example, that's pretty much the same as a .htaccess file. But this way you can do the nice HTML login screens.

From that I built this class which uses a database backend.
There's actually 2 classes on that page, my user class and my db class. The db class is used in the user class so you need both. I'd save them as 2 files and use something like
at the top of the user class to make sure the db class is there. (require_once will not require it if it's already included and is nice to prevent reloading the same file several times)

Jeez I need to comment my stuff

Anyway to use the user class you need to first instantiate it.

$u = new user();

Then say you want to see if someone is logged in.

if ($u->check_ticket()) {
// show the page
} else {
// kick them to a login screen. I use seperate includes for this.

After the login screen you do this
// instantiate the class
$u = new user();

// check the user, in this example I'm using post vars so I'm submitting those.
if ($u->checkuser($HTTP_POST_VARS['username'], $HTTP_POST_VARS['password']) {
// do something.
} else {
// login.

You could combine these

$u = new user;

if ($u->checkuser($user, $pass) &#0124; &#0124; $u->check_ticket()) {
// do something
} else {
// login.

Anyway play with it a bit. and ask if you have any questions.

.:[ Never resist a perfect moment ]:.

« BackwardsOnwards »

Show Forum Drop Down Menu