On 26 Dec 2001, Andrew McMillan wrote: > On Wed, 2001-12-26 at 12:24, Stephan Borg wrote: > > Hello there, > > > > I'm hoping that someone has tried this already. I am currently trying to > > write code, that prompts the user with a www-authentication logon and > > proceeds to verify if the credentials are a valid Postgresql user (incl > > password) before proceeding. > > We have code to do this in the office somewhere. It isn't hard. Follow > the PHP examples and try a connect to the database with the credentials > you have got from the auth. > > I don't actually do this for any of my sites, however. I find that > database user != system user in 99.9% of cases. In addition I find that > the www-authentication method makes for a crude login process. > > E-mail me off-list if you can't figure it out and I will dig out the > code for you. A couple of quick gotchas. 1) make sure you filter out all unwanted characters so someone can't execute sql calls inside of a username or password. 2) On failure make sure you send a 401 to the browser just like you do initially when asking for the password to clear out the old one - you can also use this to handle logouts. Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@xxxxxxxxxxx http://www.pop4.net 56K Nationwide Dialup from $16.00/mo at Pop4 Networking Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ==========================================================================
