Hi Guys,
Im trying to create A decent login system for my users and im trying to use the header WWW-Authenticate This is what i have and it works But i have 2 issues, 1 How do i log a user out. and Im getting this error in ie8 but not mozilla is there anything i can do stop fix this?..
Warning: This server is requesting that your username and password be sent in an insecure manner(basic authentication without a secure connection)
Most inportant is being able to clear the Authentication Varible so a user can try to log in again if they miss spell there username or somthing lik that or wanting to log out, I thought the header('HTTP/1.0 401 Unauthorized') would log them out,,, am i missunderstanding the concept?
Code: Select all
<?php
include_once($_SERVER['DOCUMENT_ROOT'].'/includes/global.php');
$d = new User();
$d->connect(HOST, USERNAME, PASSWORD, DATABASE);
//if the use hits cancle do this stuff
if (!isset($_SERVER['PHP_AUTH_USER']))
{
header('WWW-Authenticate: Basic realm="Sales Coastal Coasters"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
}
// checks the user_name and pass_word with query, if found directs them to info.php
// would like to send this stuff with md5 but have no idear how
else
{
$d->query("SELECT * FROM sales_people WHERE user_name = MD5('{$_SERVER['PHP_AUTH_USER']}') && pass_word = MD5('{$_SERVER['PHP_AUTH_PW']}');");
if ($d->next())
{
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'admin/sales_ppl_list.php';
header("Location: http://$host$uri/$extra");
exit;
}
else
{
//If fail sends to other page
header("HTTP/1.0 401 Unauthorized");
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'login.php';
header("Location: http://$host$uri/$extra");
unset ($_SERVER['PHP_AUTH_USER']);
unset ($_SERVER['PHP_AUTH_PW']);
print "Sorry - you need valid credentials to be granted access!\n";
exit;
}
}
?>