Scott Fletcher wrote:
Hi!
The login page where the HTTP Authentication would pop-up asking the web user to enter the user id and password to log in. I'm using the PHP's $_SERVER['PHP_AUTH_USER'] and it work okay in both Internet Explorer and Gecko browsers, like Mozilla for example. What I had discovered is that when using the PHP's header, 'header("Location: https://whatever";); to go to the next webpage (with HTTP Authentication is successful), is that HTTP Authentication cease to exist on the next webpage for the Gecko browsers. It work fine with Internet Explorer.
Anyone know why does the Gecko browser lose the HTTP Authentication data once the PHP location redirect header is used? I'll post the code below.
--snip-- if (!isset($_SERVER['PHP_AUTH_USER'])) { // If empty, send header causing dialog box to appear header('WWW-Authenticate: Basic realm="My Private Stuff"'); header('HTTP/1.0 401 Unauthorized'); } else if (isset($_SERVER['PHP_AUTH_USER'])) { // If non-empty, open file containing valid user info $filename = "/usr/local/apache/conf/whatever"; $fp = fopen($filename, "r"); $file_contents = fread($fp, filesize($filename)); fclose($fp);
// Place each line in user info file into an array $line = explode("\n", $file_contents);
// For as long as $i is <= the size of the $line array, // explode each array element into a username and password pair $i = 0;
while($i <= sizeof($line)) { $data_pair = explode(":", $line[$i]);
if (($data_pair[0] == $_SERVER['PHP_AUTH_USER']) && ($data_pair[1] == MD5($_SERVER['PHP_AUTH_PW']))) { $auth = 1; break; } else { $auth = 0; } $i++; }
if ($auth == 1) { session_id($salt); session_start();
$_SESSION['SESSION_IDENTIFIER'] = $salt;
//echo $_SERVER['PHP_AUTH_USER']." ****"; header("Location: https://".$_SERVER['HTTP_HOST']."/administration/main_menu.php?PHPSESSID=".$salt);
} else { header('WWW-Authenticate: Basic realm="My Private Stuff"'); header('HTTP/1.0 401 Unauthorized'); } }
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
