The way i do it is have a separate table in the database that keeps track of users and passwords for the application. I use the WWW-Authenticate header to get $PHP_AUTH_USER and $PHP_AUTH_PW I run them through the table using a select query. If I come back with a match, I set a variable, $auth, equal to true. If $auth is equal to true, they can perform whatever functions in the page I have. I don't have a log out button, but all I would probably do would be set $auth = false and unset the $PHP... variables. Adam Lang Systems Engineer Rutgers Casualty Insurance Company http://www.rutgersinsurance.com ----- Original Message ----- From: "Christian Marschalek" <cm@xxxxxxxxx> To: "'Adam Lang'" <aalang@xxxxxxxxxxxxxxxxxxxx> Cc: "[PHP] PostgreSQL" <pgsql-php@xxxxxxxxxxxxxx> Sent: Friday, April 27, 2001 11:43 AM Subject: RE: [PHP] HTTP authentication > I guess simple HTTP authentication where I get the username and pass and > check it with the database... Maybe encrypting. > > What would you recommend? I haven't done something like that before. > It's my first project which needs authentication! > > Don't have a clue:) > > > -----Original Message----- > > From: pgsql-php-owner@xxxxxxxxxxxxxx > > [mailto:pgsql-php-owner@xxxxxxxxxxxxxx] On Behalf Of Adam Lang > > Sent: Thursday, April 26, 2001 9:10 PM > > To: pgsql-php@xxxxxxxxxxxxxx > > Subject: Re: [PHP] HTTP authentication > > > > > > Are you doing authentication using sessions? Are you using > > timestamps in a database? Are you using http-auth? etc. > > > > There are several ways to do authentication and if you want > > to do a "logout" button, the code would need to clear > > whatever is holding references to that login... hence you > > need to say how you are doing authentication so you know what > > needs to be cleaned up with a log out code. > > > > Adam Lang > > Systems Engineer > > Rutgers Casualty Insurance Company http://www.rutgersinsurance.com > > ----- Original Message ----- > > From: "Christian Marschalek" <cm@xxxxxxxxx> > > To: "'Adam Lang'" <aalang@xxxxxxxxxxxxxxxxxxxx> > > Sent: Thursday, April 26, 2001 3:03 PM > > Subject: RE: [PHP] HTTP authentication > > > > > > > Can't see how this answers my questions :o) > > > > > > What matters? > > > > > > How would you do it? > > > > > > Thanks for your time, Chris > > > > > > > -----Original Message----- > > > > From: pgsql-php-owner@xxxxxxxxxxxxxx > > > > [mailto:pgsql-php-owner@xxxxxxxxxxxxxx] On Behalf Of Adam Lang > > > > Sent: Thursday, April 26, 2001 8:42 PM > > > > To: pgsql-php@xxxxxxxxxxxxxx > > > > Subject: Re: [PHP] HTTP authentication > > > > > > > > > > > > It matters. There are about a dozen ways to do authentication. > > > > > > > > Adam Lang > > > > Systems Engineer > > > > Rutgers Casualty Insurance Company http://www.rutgersinsurance.com > > > > ----- Original Message ----- > > > > From: "Christian Marschalek" <cm@xxxxxxxxx> > > > > To: <pgsql-php@xxxxxxxxxxxxxx> > > > > Sent: Thursday, April 26, 2001 12:45 PM > > > > Subject: [PHP] HTTP authentication > > > > > > > > > > > > > Hi all! > > > > > > > > > > I've read about http authentication with PHP in the PHP manual. > > > > > > > > > > Now I wonder how I can make a logout button in the way its > > > > supposed to > > > > > be > > > > done? The manual mentions something about the headers but > > that this > > > > way does not work correct on all browsers... > > > > > > > > > > Furthermore I wonder how secure this way is? > > > > > > > > > > Tia > > > > > > > > > > > > > > > ---------------------------(end of > > > > > broadcast)--------------------------- > > > > > TIP 2: you can get off all lists at once with the > > unregister command > > > > > (send "unregister YourEmailAddressHere" to > > > > majordomo@xxxxxxxxxxxxxx) > > > > > > > > > > > > ---------------------------(end of > > > > broadcast)--------------------------- > > > > TIP 4: Don't 'kill -9' the postmaster > > > > > > > > > > ---------------------------(end of > > broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > http://www.postgresql.org/search.mpl ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)