| View previous topic :: View next topic | 
	
	
		| Author | Message | 
	
		| senshi -
 
 
 Joined: 05 Nov 2003
 Posts: 385
 Location: UK
 
 | 
			
				|  Posted: Tue Jul 08, 2008 5:09 pm    Post subject: Login Authentication |   |  
				| 
 |  
				| What sets $_SERVER['PHP_AUTH_USER'] and $_SERVER['HTTP_AUTH_USER'] and whats the difference and how can I wipe the setting(s)? 
 I have looked on the internet but PHP website does not list any help for $_SERVER['PHP_AUTH_USER'] et al.
 
 I need to force password entry for certain pages within the website but need to have this done by the web server login panel. and from time to time to ensure that the web pages I am designing have a valid login.
 
 I have tried to NULL it and to ""; with a string but nothing seems to work.
 
 Any suggestions.
 
 Thx.
 |  | 
	
		| Back to top |     | 
	
		|  | 
	
		| formlesstree3 -
 
 
 Joined: 11 Aug 2008
 Posts: 2
 
 
 | 
			
				|  Posted: Mon Aug 11, 2008 6:38 am    Post subject: |   |  
				| 
 |  
				| Use sessions with mysql validation..if you need help with that, pm me. |  | 
	
		| Back to top |     | 
	
		|  | 
	
		| etorvinen -
 
 
 Joined: 02 Jan 2005
 Posts: 31
 
 
 | 
			
				|  Posted: Fri Aug 15, 2008 11:26 pm    Post subject: |   |  
				| 
 |  
				| is when you add users in the abyss web server console... 	  | Code: |  	  | $_SERVER['HTTP_AUTH_USER'] | 
 I think it is when you password protect a directory. The info is stored in those var....
 
 I used them with a file manager using PHP....
 
 
 i believe there is a PASS var too..
 
 
  	  | Code: |  	  | $_SERVER['HTTP_AUTH_USER']; $_SERVER['HTTP_AUTH_PASS'];
 | 
 _________________
 ;@
 |  | 
	
		| Back to top |     | 
	
		|  | 
	
		| abyssisthebest -
 
 
 Joined: 30 Jun 2005
 Posts: 319
 Location: Boston, UK
 
 | 
			
				|  Posted: Sun Aug 17, 2008 10:56 pm    Post subject: |   |  
				| 
 |  
				| What etorvinen said is correct. When you use the directory protection in Abyss, if a username successfully authenticates, the username is stored under the $_SERVER['AUTH_USER'] variable. 
 I haven't heard about the PASS variable, but instinct tells me that this is unlikly to exist, because the contents would possibly be in plain text which would be really insecure. Although I may be wrong.
 _________________
 My online Portfolio
 |  | 
	
		| Back to top |         | 
	
		|  | 
	
		| DonQuichote -
 
 
 Joined: 24 Dec 2006
 Posts: 68
 Location: The Netherlands
 
 | 
			
				|  Posted: Mon Aug 18, 2008 9:17 pm    Post subject: |   |  
				| 
 |  
				| As far as I know, all server variables starting with HTTP_ are client-sent headers. |  | 
	
		| Back to top |     | 
	
		|  | 
	
		| etorvinen -
 
 
 Joined: 02 Jan 2005
 Posts: 31
 
 
 | 
			
				|  Posted: Wed Sep 24, 2008 2:50 pm    Post subject: |   |  
				| 
 |  
				|  	  | DonQuichote wrote: |  	  | As far as I know, all server variables starting with HTTP_ are client-sent headers. | 
 
 I believe this also works under apache too.
 using the .htassess files. and a .passwd file
 _________________
 ;@
 |  | 
	
		| Back to top |     | 
	
		|  | 
	
		|  |