Puzzled in Pagosa...
Sep. 23rd, 2001 08:31 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
alexpgpThe following is an example script that illustrates what's bugging me:
What puzzles me is that upon executing the two calls to the PHP header() function, I don't see how one can avoid the call to die(), which causes the message to be output and the script to exit. The only way this makes any sense at all is if, upon entering a user name and password, somehow execution of the script starts from the beginning.
Hmmm. I can't seem to get this to work on the eSlate using lynx as my browser, despite the fact that the Apache web server on the laptop runs PHP as a module (required if this type of authentication is to work). Who knows? Maybe it's because I'm using lynx.
In any event, what I am seeing in lynx is an immediate rejection of any name and password I enter, with a displayed query as to whether I want to try again. After a few rejected attempts to enter a name and password, I finally respond in the negative and am then prompted as to whether I wish to see the 401 message. Responding 'y' displays the 'Authentication required' message.
Turning elsewhere, I find my ISP uses a CGI-based PHP server API (which means that the PHP code is not executed by a module from within the web server, but by a separate program). Unfortunately, this PHP configuration does not support this type of authentication.
Ye gods.
Cheers...
P.S. [Update of 24 Sep] While the lack of "direct" authentication support on systems that run PHP as a separate program is a pain, so is having a typo in your test script (a typo I am leaving in this post, BTW, as a reminder). Once I took care of the typo, which I found by deciding to examine the script one more time, running it on my eSlate with lynx worked fine. Next: see if I can make it work with MySQL.
<?
if ( (!isset($PHP_AUTH_USER)) ||
(!isset($PGP_AUTH_PW)) ||
($PHP_AUTH_USER != 'foo') ||
($PHP_AUTH_PW != 'bar') ) {
header('WWW-Authenticate: Basic realm="Baz"');
header('HTTP/1.0 401 Unauthorized');
die('Authorization required');
}
else {
echo 'Success!';
}
?>The way I understand what happens upon executing this script, if either global variable $PHP_AUTH_USER or $PHP_AUTH_PW is not 'true', or if the former isn't 'foo' or the latter isn't 'bar', then the script causes an authentication dialog box to appear on the browser's screen, asking for a user name and a password.What puzzles me is that upon executing the two calls to the PHP header() function, I don't see how one can avoid the call to die(), which causes the message to be output and the script to exit. The only way this makes any sense at all is if, upon entering a user name and password, somehow execution of the script starts from the beginning.
Hmmm. I can't seem to get this to work on the eSlate using lynx as my browser, despite the fact that the Apache web server on the laptop runs PHP as a module (required if this type of authentication is to work). Who knows? Maybe it's because I'm using lynx.
In any event, what I am seeing in lynx is an immediate rejection of any name and password I enter, with a displayed query as to whether I want to try again. After a few rejected attempts to enter a name and password, I finally respond in the negative and am then prompted as to whether I wish to see the 401 message. Responding 'y' displays the 'Authentication required' message.
Turning elsewhere, I find my ISP uses a CGI-based PHP server API (which means that the PHP code is not executed by a module from within the web server, but by a separate program). Unfortunately, this PHP configuration does not support this type of authentication.
Ye gods.
Cheers...
P.S. [Update of 24 Sep] While the lack of "direct" authentication support on systems that run PHP as a separate program is a pain, so is having a typo in your test script (a typo I am leaving in this post, BTW, as a reminder). Once I took care of the typo, which I found by deciding to examine the script one more time, running it on my eSlate with lynx worked fine. Next: see if I can make it work with MySQL.
