I can't remember where the example below came from, but the event handler for the 're-authenticate' button doesn't allow a re-authentication following a successful login. If you run the code, it allows you to login the first time, or even catch the incorrect password and display via the line with the comments in the authenticate function after 3 failures. But after a successful login, trying to re-authenticate by hitting the button only redisplays the network login box without the password. And after 3 failures, "Password = " . "$_SERVER['PHP_AUTH_PW']" displays just "Password = " so obviously $_SERVER['PHP_AUTH_PW'] is never getting a value the second time through.

This IS NOT a mission critical problem, but it is bugging me. It perhaps is an Apache issue...?

Testing environment is Win2k, Apache 1.3.31 with SSL (though behavior is the same on Apache without SSL), and PHP 4.3.7.

Comments very welcome.

Thanks much,
David

<?php
ERROR_REPORTING(E_ALL ^ E_NOTICE);

function authenticate() {
    header('WWW-Authenticate: Basic realm="Test Authentication System"');
    header('HTTP/1.0 401 Unauthorized');
    /** ? **/ echo "Password = " . $_SERVER['PHP_AUTH_PW'] . "<BR>"; // used for debugging
    echo "You must enter a valid login name and password to access this resource\n";
    exit;
}

// each name and each password is its own array element, so in_array() can match it
$qualifiedUsers = array('user1', 'user2');
$qualifiedPasswords = array('password1', 'password2');

/**********************************************************************
 * reset event handler does not work as expected                      *
 **********************************************************************/
if(IsSet($_POST['authenticator']) && $_POST['authenticator']) {
    unset($qualifiedUsers);
    unset($qualifiedPasswords);
    unset($_SERVER['PHP_AUTH_USER']);
    unset($_SERVER['PHP_AUTH_PW']);
    unset($_POST['authenticator']);
}
/***********************************************************************/

// no username
if(!isset($_SERVER['PHP_AUTH_USER'])) {
    authenticate();
}
// username but not on list
elseif(isset($_SERVER['PHP_AUTH_USER'])
    && !in_array($_SERVER['PHP_AUTH_USER'], $qualifiedUsers)) {
    authenticate();
}
// username ok, but no PW or not on list
elseif(isset($_SERVER['PHP_AUTH_USER'])
    && in_array($user = $_SERVER['PHP_AUTH_USER'], $qualifiedUsers)
    && (!isset($_SERVER['PHP_AUTH_PW'])
        || !in_array($_SERVER['PHP_AUTH_PW'], $qualifiedPasswords))) {
    authenticate();
}
// username / PW ok (the password is checked against the password list)
elseif(isset($_SERVER['PHP_AUTH_USER'])
    && in_array($user = $_SERVER['PHP_AUTH_USER'], $qualifiedUsers)
    && isset($_SERVER['PHP_AUTH_PW'])
    && in_array($pw = $_SERVER['PHP_AUTH_PW'], $qualifiedPasswords)) {
    echo "Welcome, {$_SERVER['PHP_AUTH_USER']}, using password {$_SERVER['PHP_AUTH_PW']}.";
    // post back to this same script; the path is escaped before it goes into the attribute
    echo "<form action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "' METHOD='POST'>\n";
    echo "<input type='hidden' name='SeenBefore' value='1'>\n";
    echo "<input type='submit' name=authenticator value='Re Authenticate'>\n";
    echo "</form></p>\n";
}

unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
?>