RE: php_auth_user

From: Peter Marko (marko@limba.sk)
Date: 07. 10. 2002, 10:16 CEST


> > Greetings,
> > 
> > I have pages protected with $PHP_AUTH_USER and 
> > $PHP_AUTH_PW. How can I create something like 
> > a logout from the protected area so that I can 
> > immediately log in as a different registered 
> > user without having to close the browser? 
> > In other words, I would like to reset the realm. How do I do that?
> > 
> 
> greetings
> 
> at 
> http://www.endamcg.com/main/guides/htaccess-ssi-password-area.zip there is
> an attempt at something similar in Apache (without PHP); maybe it will inspire you to
> adapt it to PHP ;-)
> 

or possibly one more option (sorry, but I don't feel like translating it):

Create a custom 401 error page for the directory, then add a login form
etc to the error page.

When the user clicks logout, then they are shown the password prompt
again, if they want to log in again they can, otherwise they click
cancel and see the 401 error page.

What you are trying to achieve is a workaround, not the actual way that
this is supposed to be. Htaccess does not support a "logout" function so
logging in as another user defeats the security that htaccess provides
as you need to do other server side checks to make sure that the fake
user does not access the directory. 

For this reason, you don't want to login as an actual user but instead
trick the browser into requiring the username and password again by
sending incorrect details.
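
As an added example (not part of the original message or of the linked guide): one way to get the logout behaviour in PHP is to answer a logout request with a single 401, so the browser prompts again instead of reusing its cached credentials. The realm name, the user table and the `logout` query parameter are assumptions, and `$_SERVER['PHP_AUTH_USER']` stands in for the `$PHP_AUTH_USER` global, which relied on register_globals.

```php
<?php
declare(strict_types=1);
session_start();                       // must run before any output

const REALM = 'Protected area';        // assumed realm name

// Constructed sample users; store password_hash() output, never plain text.
$users = [
    'alice' => password_hash('constructed-pw-1', PASSWORD_DEFAULT),
    'bob'   => password_hash('constructed-pw-2', PASSWORD_DEFAULT),
];

// Send the Basic challenge. The body is what the user sees after pressing
// Cancel in the prompt, i.e. the custom 401 page.
function challenge(): void
{
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    http_response_code(401);
    echo 'Authentication required. <a href="?">Log in</a>';
    exit;
}

function credentials_ok(array $users, ?string $user, ?string $pw): bool
{
    if ($user === null || $pw === null || !isset($users[$user])) {
        return false;
    }
    return password_verify($pw, $users[$user]);
}

// Logout: every logout link carries a fresh nonce. The first request with an
// unseen nonce gets a 401 even though the cached credentials are valid, which
// makes the browser prompt again. The retry with the same nonce is then
// validated normally, so a different user can log in without a restart.
$nonce = $_GET['logout'] ?? null;
if (is_string($nonce) && ($_SESSION['seen_logout'] ?? '') !== $nonce) {
    $_SESSION['seen_logout'] = $nonce;
    challenge();
}

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pw   = $_SERVER['PHP_AUTH_PW'] ?? null;
if (!credentials_ok($users, $user, $pw)) {
    challenge();
}

$next = bin2hex(random_bytes(16));     // nonce for the next logout link
echo 'Logged in as ' . htmlspecialchars($user, ENT_QUOTES) . '. ';
echo '<a href="?logout=' . $next . '">Log out</a>';
```

Under CGI or FastCGI the `PHP_AUTH_*` entries may be empty unless the web server is configured to pass the Authorization header through to PHP.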



This archive was generated by hypermail 2.1.2 : 07. 10. 2002, 10:14 CEST