Couple of ways of doing this ---
1. Assume you will be storing the username/password combo in a database.
2. Yes, use a cookie if you wish to store password on the client side.
3. PHP sessions are good for temporary storage of the username/password
combo, or whatever else you may use for your security scheme. There are
also built-in variables:
$HTTP_SERVER_VARS[ "PHP_AUTH_USER" ]
$HTTP_SERVER_VARS[ "PHP_AUTH_PW" ]
Depending on your authorization scheme, if the login was successful you
could assign those values to these variables and your security is looked
after. When the browser is closed the values disappear and you don't have
to manage them.
Stumbled across this trying to get ht-dig to work. Every page of my
client's site is protected by a little fragment of PHP; if a session has
not been started with a variable holding a certain key value, I redirect to
a login page. No matter what I did, ht-dig when executed through a system()
call kept hitting the redirect.
As ht-dig supports the BASIC authentication scheme, I wrapped my "real"
security in a test for $HTTP_SERVER_VARS[ "PHP_AUTH_USER" ] = "lookfor" and
$HTTP_SERVER_VARS[ "PHP_AUTH_PW" ]="mehere". If these vars don't exist or
don't match the values assigned to htdig with the -u parameter in the
calling script, execution falls through to my real security scheme,
otherwise it is bypassed and ht-dig indexes the page.
Regards - Miles Thompson
At 09:08 PM 3/19/01 +0200, Batis wrote:
>Hello everyone,
>
>I want to build an authentication system like when entering Yahoo!. I.e.
>each user can sign-up for a username, which has a password. When he enters
>the site, there's a login box:
>
>Username: [textbox]
>Password: [password textbox]
>[checkbox] Remember my username & password
>
>If he checks the checkbox, then when he next visits the site (let's say
>the next day), he will be automatically entered, as the login info will be
>stored in a cookie.
>
>What if the checkbox is unchecked? How can I store the login info
>temporarily and when he closes the browser (like in an HTTP
>authentication) the info would be gone?
>
>Is the PHP 4 session management the solution to my problem?
>
>.................................................................
>.. Dimitris Batis ....................... [EMAIL PROTECTED] ..
>.. http://www.ravencrypt.com ....................................
>.. ICQ: 18204204 .................... Yahoo! ID: deggial_wrath ..
>.................................................................
>
>"The road to truth is long, and lined the entire way with annoying bastards."
>-- Alexander Jablokov, The place of no shadows
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
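A sketch of the per-page guard described in the reply above, as an added example that is not code from either poster: the Basic-auth check for the indexer runs first, and anything else falls through to the session check and the login redirect. It uses $_SERVER and $_SESSION in place of the older $HTTP_SERVER_VARS, keeps the indexer credentials out of the source and compares them safely, and sets a session cookie with lifetime 0 so the login is gone when the browser closes. The environment variable names CRAWLER_USER and CRAWLER_PW_HASH, the /login.php path and the 'user_id' session key are assumptions.

```php
<?php
// Added example, not the posters' code. CRAWLER_USER, CRAWLER_PW_HASH,
// /login.php and the 'user_id' session key are assumed names.
declare(strict_types=1);

/** True only when the request carries the indexer's Basic credentials. */
function is_trusted_crawler(array $server, string $user, string $pwHash): bool
{
    $u = $server['PHP_AUTH_USER'] ?? null;
    $p = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($u) || !is_string($p) || $user === '' || $pwHash === '') {
        return false; // header missing or crawler not configured: no bypass
    }
    // hash_equals() compares in constant time; password_verify() checks the
    // submitted password against a hash made with password_hash().
    return hash_equals($user, $u) && password_verify($p, $pwHash);
}

/** Decide what the guard does: 'crawler', 'session' or 'login'. */
function gate(array $server, array $session, string $user, string $pwHash): string
{
    if (is_trusted_crawler($server, $user, $pwHash)) {
        return 'crawler'; // indexer is let through without a session
    }
    // Fall through to the "real" scheme: a session started by the login page.
    return isset($session['user_id']) ? 'session' : 'login';
}

// Act as a page guard only under a web SAPI, so the functions above can be
// included and exercised from the command line as well.
if (PHP_SAPI !== 'cli') {
    // lifetime 0 = session cookie: discarded when the browser is closed.
    session_set_cookie_params([
        'lifetime' => 0, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
    $decision = gate($_SERVER, $_SESSION,
        getenv('CRAWLER_USER') ?: '', getenv('CRAWLER_PW_HASH') ?: '');
    if ($decision === 'login') {
        header('Location: /login.php');
        exit;
    }
}
```

Include the file at the top of each protected page; the value for CRAWLER_PW_HASH is produced once with password_hash() and the matching plain password is what the indexer is given with its -u parameter.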