I have a single web page that needs to be password protected. I have implemented HTTP authentication with the following code:
Code: Select all
<?php
# include required database files
include('db_login.php');
require_once('DB.php');
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
header('WWW-Authenticate: Basic realm="Member Area"');
header("HTTP/1.0 401 Unauthorized");
echo "You must enter a username and password combination!";
exit;
}
$web_username = $_SERVER['PHP_AUTH_USER'];
$web_password = $_SERVER['PHP_AUTH_PW'];
$connection=DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
if (DB::isError($connection)){
die("Could not connect to database. Please try again later.");
}
$user_query = "SELECT `id`, `username` FROM `ppp_users` WHERE `username` = '".$web_username."' AND `password` = '".$web_password."' LIMIT 1";
$user_result = $connection->query($user_query);
if (DB::iserror($search_query)) {
die($user_query->getMessage( ));
}
if (!$row = $user_result->fetchRow(DB_FETCHMODE_ASSOC)) {
header('WWW-Authenticate: Basic realm="Member Area"');
header("HTTP/1.0 401 Unauthorized");
echo "Your username and password combination was incorrect. Please try again.";
exit;
}
?>
Does anybody know what I could add to this script to cause it to automatically re-prompt for user and password after a bad entry, or at least provide a retry link? I would rather stay with HTTP authentication because it seems much simpler than session-based authentication, but I really don't know much about either. Thanks!