Redirect after cancelled or invalid user authentication?
Posted: Fri Apr 02, 2004 6:37 am
Hi,
I would like to protect a few pages of a site and I am using the code snippet that is available from about a million sites for user authentication.
Code:
<?php
if (!isset($_SERVER['PHP_AUTH_USER']) or !isset($_SERVER['PHP_AUTH_PW']) or ($_SERVER['PHP_AUTH_PW'] != "test")) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Invalid password";
    exit;
}
?>
This displays the authentication popup, and I can either cancel or enter the password max. 3 times. If not successful the echo is printed on an otherwise blank page.
But in case of failed login I'd like to redirect the user back to home page or the page where they clicked the link that evoked user authentication. If I replace the echo with header, the user authentication will never be popped.
If I remove the password checking from the if clause and add the following...
Code:
if ($_SERVER['PHP_AUTH_PW'] != "test")
{
    header('location: http://www.myhome.com');
    exit;
}
... I'll get some strange behaviour. If I insert correct password, it works. If I cancel, I get the echo which is also OK. If I give incorrect credentials (once!), I get redirected to the home page BUT if I then click the link again, I get the protected pages immediately. I wonder why?
So I'm not getting any error messages, it's just that I don't understand the logic or code flow of PHP.
As an additional question, is there some way of inserting a message like 'Username/password was incorrect.' to the authentication popup in case invalid credentials are entered? That isn't really critical, as it should be self-evident that the credentials were invalid when the authentication window pops for the second and third times, but it would at least offer a more 'explanatory UI'.
Thanks,
Marko
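An added example, not part of the original post: one way to send the visitor home after Cancel while still answering every missing or wrong credential with a 401, so the browser keeps prompting and never receives a redirect as the reply to a bad password. The user name `marko` and the function names are hypothetical; the realm, password and home URL reuse the post's placeholder values.

```php
<?php
// Added example, not the poster's code. Realm, URL and credentials are placeholders.
const REALM    = 'My Realm';
const HOME_URL = 'http://www.myhome.com/';
const USERNAME = 'marko';   // hypothetical account name
const PASSWORD = 'test';    // demo value from the post; store a password_hash() in practice

/** True only when both Basic credentials are present and match. */
function credentials_ok(array $server): bool
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;                       // no Authorization header sent yet
    }
    // hash_equals() compares in constant time; evaluate both, no short-circuit.
    $userOk = hash_equals(USERNAME, $user);
    $passOk = hash_equals(PASSWORD, $pass);
    return $userOk && $passOk;
}

/** Send the 401 challenge; the body is what the browser renders after Cancel. */
function challenge_and_exit(): void
{
    // No Location header here: PHP would switch the status to 302 and the
    // browser would follow the redirect instead of showing the login dialog.
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    header('Content-Type: text/html; charset=utf-8');
    $home = htmlspecialchars(HOME_URL, ENT_QUOTES, 'UTF-8');
    echo '<!DOCTYPE html><html><head>',
         '<meta http-equiv="refresh" content="3;url=', $home, '">',
         '<title>Authentication required</title></head><body>',
         '<p>Username/password was missing or incorrect. ',
         'Returning to the <a href="', $home, '">home page</a>.</p>',
         '</body></html>';
    exit;
}

if (!credentials_ok($_SERVER)) {
    challenge_and_exit();   // wrong or missing credentials always get a 401, never a redirect
}

// Protected page content starts here.
echo 'Protected content';
```

Basic credentials travel base64-encoded on every request, so serve the protected pages over HTTPS.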