I would like to protect a few pages of a site and I am using the code snippet that is available from about a million sites for user authentication.
Code:
<?php
if (!isset($_SERVER['PHP_AUTH_USER']) or !isset($_SERVER['PHP_AUTH_PW']) or ($_SERVER['PHP_AUTH_PW'] != "test")) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Invalid password";
    exit;
}
?>

But in case of failed login I'd like to redirect the user back to home page or the page where they clicked the link that evoked user authentication. If I replace the echo with header, the user authentication will never be popped.
If I remove the password checking from the if clause and add the following...
Code:
if ($_SERVER['PHP_AUTH_PW'] != "test")
{
    header('location: http://www.myhome.com');
    exit;
}

So I'm not getting any error messages, it's just that I don't understand the logic or code flow of PHP.
As an additional question, is there some way of inserting a message like 'Username/password was incorrect.' to the authentication popup in case invalid credentials are entered? That isn't really critical, as it should be self-evident that the credentials were invalid when the authentication window pops for the second and third times, but it would at least offer a more 'explanatory UI'.
Thanks,
Marko
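
An added example, not part of the original post: the 401 response carries the fallback in its body (shown when the dialog is cancelled) instead of a Location header, the password is checked against a stored hash, and the "go back" target is limited to this host. The names SITE_PW_HASH, HOME_URL, fallback_url() and credentials_ok() are assumptions made for the example.

```php
<?php
// Added example. HOME_URL and the SITE_PW_HASH environment variable are assumed names.
const HOME_URL = 'http://www.myhome.com/';

// Return the referring page only if it is an http(s) URL on this host;
// anything else falls back to the home page, so the Referer header
// cannot be used to send visitors to an arbitrary site.
function fallback_url(): string
{
    $ref    = $_SERVER['HTTP_REFERER'] ?? '';
    $scheme = parse_url($ref, PHP_URL_SCHEME);
    $host   = parse_url($ref, PHP_URL_HOST);
    $self   = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0];   // drop any :port
    if (in_array($scheme, ['http', 'https'], true)
        && is_string($host) && $self !== '' && strcasecmp($host, $self) === 0) {
        return $ref;
    }
    return HOME_URL;
}

// Compare the submitted password with a hash created once by password_hash(),
// so the plaintext password is not stored in the script.
function credentials_ok(): bool
{
    $hash = getenv('SITE_PW_HASH');
    $pw   = $_SERVER['PHP_AUTH_PW'] ?? null;
    return isset($_SERVER['PHP_AUTH_USER'])
        && is_string($hash) && $hash !== ''
        && is_string($pw) && password_verify($pw, $hash);
}

if (!credentials_ok()) {
    $url = htmlspecialchars(fallback_url(), ENT_QUOTES, 'UTF-8');
    $msg = isset($_SERVER['PHP_AUTH_PW'])
        ? 'Username/password was incorrect.'
        : 'Login required.';
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="My Realm"');
    // No Location header here: header('Location: ...') changes the status to 302,
    // and without a 401 status the browser never shows the login dialog.
    // This body is what the browser renders once the dialog is cancelled.
    echo '<!DOCTYPE html><meta http-equiv="refresh" content="0;url=' . $url . '">';
    echo '<p>' . $msg . ' <a href="' . $url . '">Continue</a></p>';
    exit;
}
// Protected page content follows.
```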