Re: HTTP authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



The way i do it is have a separate table in the database that keeps track of
users and passwords for the application.

I use the WWW-Authenticate header to get $PHP_AUTH_USER and $PHP_AUTH_PW

I run them through the table using a select query.  If I come back with a
match, I set a variable, $auth, equal to true.

If $auth is equal to true, they can perform whatever functions in the page I
have.

I don't have a log out button, but all I would probably do would be set
$auth = false and unset the $PHP... variables.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Christian Marschalek" <cm@xxxxxxxxx>
To: "'Adam Lang'" <aalang@xxxxxxxxxxxxxxxxxxxx>
Cc: "[PHP] PostgreSQL" <pgsql-php@xxxxxxxxxxxxxx>
Sent: Friday, April 27, 2001 11:43 AM
Subject: RE: [PHP] HTTP authentication


> I guess simple HTTP authentication where I get the username and pass and
> check it with the database... Maybe encrypting.
>
> What would you recommend? I haven't done something like that before.
> It's my first project which needs authentication!
>
> Don't have a clue:)
>
> > -----Original Message-----
> > From: pgsql-php-owner@xxxxxxxxxxxxxx
> > [mailto:pgsql-php-owner@xxxxxxxxxxxxxx] On Behalf Of Adam Lang
> > Sent: Thursday, April 26, 2001 9:10 PM
> > To: pgsql-php@xxxxxxxxxxxxxx
> > Subject: Re: [PHP] HTTP authentication
> >
> >
> > Are you doing authentication using sessions?  Are you using
> > timestamps in a database? Are you using http-auth? etc.
> >
> > There are several ways to do authentication and if you want
> > to do a "logout" button, the code would need to clear
> > whatever is holding references to that login... hence you
> > need to say how you are doing authentication so you know what
> > needs to be cleaned up with a log out code.
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company http://www.rutgersinsurance.com
> > ----- Original Message -----
> > From: "Christian Marschalek" <cm@xxxxxxxxx>
> > To: "'Adam Lang'" <aalang@xxxxxxxxxxxxxxxxxxxx>
> > Sent: Thursday, April 26, 2001 3:03 PM
> > Subject: RE: [PHP] HTTP authentication
> >
> >
> > > Can't see how this answers my questions :o)
> > >
> > > What matters?
> > >
> > > How would you do it?
> > >
> > > Thanks for your time, Chris
> > >
> > > > -----Original Message-----
> > > > From: pgsql-php-owner@xxxxxxxxxxxxxx
> > > > [mailto:pgsql-php-owner@xxxxxxxxxxxxxx] On Behalf Of Adam Lang
> > > > Sent: Thursday, April 26, 2001 8:42 PM
> > > > To: pgsql-php@xxxxxxxxxxxxxx
> > > > Subject: Re: [PHP] HTTP authentication
> > > >
> > > >
> > > > It matters.  There are about a dozen ways to do authentication.
> > > >
> > > > Adam Lang
> > > > Systems Engineer
> > > > Rutgers Casualty Insurance Company http://www.rutgersinsurance.com
> > > > ----- Original Message -----
> > > > From: "Christian Marschalek" <cm@xxxxxxxxx>
> > > > To: <pgsql-php@xxxxxxxxxxxxxx>
> > > > Sent: Thursday, April 26, 2001 12:45 PM
> > > > Subject: [PHP] HTTP authentication
> > > >
> > > >
> > > > > Hi all!
> > > > >
> > > > > I've read about http authentication with PHP in the PHP manual.
> > > > >
> > > > > Now I wonder how I can make a logout button in the way its
> > > > supposed to
> > > > > be
> > > > done? The manual mentions something about the headers but
> > that this
> > > > way does not work correct on all browsers...
> > > > >
> > > > > Furthermore I wonder how secure this way is?
> > > > >
> > > > > Tia
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > > > > broadcast)---------------------------
> > > > > TIP 2: you can get off all lists at once with the
> > unregister command
> > > > >     (send "unregister YourEmailAddressHere" to
> > > > majordomo@xxxxxxxxxxxxxx)
> > > >
> > > >
> > > > ---------------------------(end of
> > > > broadcast)---------------------------
> > > > TIP 4: Don't 'kill -9' the postmaster
> > > >
> >
> >
> > ---------------------------(end of
> > broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> http://www.postgresql.org/search.mpl


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)





[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux