Various fixes:

* (en/de only): add two notes about correct spelling of HTTP headers, and
  about the AuthType directive (which must not be set for PHP auth).
* (all): fix spelling (realm="double quoted string, not single"), use
  "Basic" with uppercase B, and remove the duplicate spaces which
  made the example unusable (and were copied to most translations).


git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@49031 c90b9560-bf6c-de11-be94-00142212c4b1
Martin Kraemer 2001-06-01 12:51:38 +00:00
parent 7d131904cf
commit 0bde60cbac

@ -8,7 +8,7 @@
<function>Header</function> function to send an "Authentication Required"
message to the client browser causing it to pop up a Username/Password
input window. Once the user has filled in a username and a password,
the URL containing the PHP script will be called again with the variables,
the URL containing the PHP script will be called again with the variables,
$PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE set to the user
name, password and authentication type respectively. Only "Basic"
authentication is supported at this point. See the <function>Header</function>
@ -35,6 +35,16 @@
</programlisting>
</example></para>
<note>
<title>Note</title>
<para>
Please be careful when coding the HTTP header lines. In order to guarantee maximum
compatibility with all clients, the keyword "Basic" should be written with an
uppercase "B", the realm string must be enclosed in double (not single) quotes,
and exactly one space should precede the "401" code in the "HTTP/1.0 401" header line.
</para>
</note>
<para>
Instead of simply printing out the $PHP_AUTH_USER and
$PHP_AUTH_PW, you would probably want to check the username and
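Review bot: the new note mixes "should" (uppercase "Basic", one space before "401") with "must" (double-quoted realm), although the commit message treats all three as what made the example unusable. Pick one strength for all three, and consider wrapping the exact tokens in <literal>, as the AuthType note added in this same commit does, so readers copy "Basic" and "HTTP/1.0 401" verbatim.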
@ -42,7 +52,7 @@
or by looking up the user in a dbm file.</para>
<para>
Watch out for buggy Internet Explorer browsers out there. They
z Watch out for buggy Internet Explorer browsers out there. They
seem very picky about the order of the headers. Sending the
<emphasis>WWW-Authenticate</emphasis> header before the
<errorcode>HTTP/1.0 401</errorcode> header seems to do the trick
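Review bot: the replacement line starts with a stray "z" ("z Watch out for buggy Internet Explorer browsers out there. They"), which will show up in the rendered manual. It looks like an accidental keystroke; drop it so the line reads the same as the one it replaces.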
@ -56,6 +66,17 @@
page. In this case, the $REMOTE_USER variable can be used to
identify the externally-authenticated user.</simpara>
<note>
<title>Configuration Note</title>
<para>
PHP uses the presence of an <literal>AuthType</literal> directive
to determine whether external authentication is in effect.
Remember to avoid this directive for the context where you want to
use PHP authentication (otherwise each authentication attempt
will fail).
</para>
</note>
<simpara>
Note, however, that the above does not prevent someone who
controls a non-authenticated URL from stealing passwords from
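Review bot: "otherwise each authentication attempt will fail" does not tell the reader what they will actually observe. Say what fails from the script's side (for example, which variables stay unset) so the symptom can be traced back to this cause. "The context where you want to use PHP authentication" is also loose; name the configuration scope from which the AuthType directive has to be absent.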
@ -71,26 +92,25 @@
<title>HTTP Authentication example forcing a new name/password</title>
<programlisting role="php">
&lt;?php
function authenticate() {
Header( &quot;WWW-authenticate: basic realm=\&quot;Test Authentication System\&quot;&quot;);
Header( &quot;HTTP/1.0 401 Unauthorized&quot;);
echo &quot;You must enter a valid login ID and password to access this resource\n&quot;;
exit;
function authenticate() {
Header( &quot;WWW-Authenticate: Basic realm=\&quot;Test Authentication System\&quot;&quot;);
Header( &quot;HTTP/1.0 401 Unauthorized&quot;);
echo &quot;You must enter a valid login ID and password to access this resource\n&quot;;
exit;
}
if(!isset($PHP_AUTH_USER) || ($SeenBefore == 1 &amp;&amp; !strcmp($OldAuth, $PHP_AUTH_USER)) ) {
authenticate();
}
else {
echo &quot;Welcome: $PHP_AUTH_USER&lt;BR&gt;&quot;;
echo &quot;Old: $OldAuth&quot;;
echo &quot;&lt;FORM ACTION=\&quot;$PHP_SELF\&quot; METHOD=POST&gt;\n&quot;;
echo &quot;&lt;INPUT TYPE=HIDDEN NAME=\&quot;SeenBefore\&quot; VALUE=\&quot;1\&quot;&gt;\n&quot;;
echo &quot;&lt;INPUT TYPE=HIDDEN NAME=\&quot;OldAuth\&quot; VALUE=\&quot;$PHP_AUTH_USER\&quot;&gt;\n&quot;;
echo &quot;&lt;INPUT TYPE=Submit VALUE=\&quot;Re Authenticate\&quot;&gt;\n&quot;;
echo &quot;&lt;/FORM&gt;\n&quot;;
}
if(!isset($PHP_AUTH_USER) || ($SeenBefore == 1 &amp;&amp; !strcmp($OldAuth, $PHP_AUTH_USER)) ) {
authenticate();
}
else {
echo &quot;Welcome: $PHP_AUTH_USER&lt;BR&gt;&quot;;
echo &quot;Old: $OldAuth&quot;;
echo &quot;&lt;FORM ACTION=\&quot;$PHP_SELF\&quot; METHOD=POST&gt;\n&quot;;
echo &quot;&lt;INPUT TYPE=HIDDEN NAME=\&quot;SeenBefore\&quot; VALUE=\&quot;1\&quot;&gt;\n&quot;;
echo &quot;&lt;INPUT TYPE=HIDDEN NAME=\&quot;OldAuth\&quot; VALUE=\&quot;$PHP_AUTH_USER\&quot;&gt;\n&quot;;
echo &quot;&lt;INPUT TYPE=Submit VALUE=\&quot;Re Authenticate\&quot;&gt;\n&quot;;
echo &quot;&lt;/FORM&gt;\n&quot;;
}
?>
</programlisting>
</example>
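Review bot: in the else branch, $PHP_AUTH_USER and $OldAuth are echoed into the page body and into the VALUE attribute of the hidden OldAuth field without escaping. Both are supplied by the client, so a user name containing a double quote or markup changes the generated HTML. Since the commit already rewrites this example, pass those values through htmlspecialchars() before output, and do the same for $PHP_SELF in the FORM ACTION attribute.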
@ -107,6 +127,7 @@
Also note that this does not work using Microsoft's IIS server and
the CGI version of PHP due to a limitation of IIS.
</simpara>
</chapter>
<!-- Keep this comment at the end of the file