Join Up! 104884 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Graphing With Flash (SWF) 5 Popular PHP Template Engines Worth Checking Out Creating a PHP Script for Web Mail Posting and Notification The PHP Fat-Free Framework: Slim Down Your PHP Development Interfacing with MS Access

php-general | 2000071

From: Danny Rice (dwrice <email protected>)
Date: 07/03/00

• Next message: clayton collie: "Re: [PHP] Converting Perl to PHP?"
• Previous message: Adam Charnock: "[PHP] HTML Table into 2D array"
• In reply to: scottrus <email protected>: "Re: [PHP] getting rid of form variable definition"
• Next in thread: Rasmus Lerdorf: "Re: [PHP] getting rid of form variable definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

scottrus <email protected> writes:
>Danny -
>
>Then you want to call unset($reauthenticate) some where after
>you complete your auth function.

Problem with this is that the auth function does:

  Header( "WWW-authenticate: basic realm=\"$realm\"");
  Header( "HTTP/1.0 401 Unauthorized");

which causes the browser to popup the user/password prompt and then
resubmits the script with its previous variables. Variables you unset
in the current script are irrelevant because the script is recalled
and the browser passes the variables it passed the previous call (I
believe this is what happens) plus the updated $PHP_AUTH_USER and
$PHP_AUTH_PW variables. I wonder if you can get the browser not to
send back the previous variables; but only the $PHP_AUTH_USER and
$PHP_AUTH_PW.

>Side note. Be sure you check that you're pulling in the
>POST var $reauthenticate and not something else like the
>GET var $reauthenticate. In php4 you can do this:
>
> newauth = $HTTP_POST_VARS["reauthenticate"];
>
>If you don't, a user might pull something like this on you:
>
> http://www.mysite.com/auth_script.php?reauthenticate=username
>
>and PHP would happily fill $reauthenticate with 'username'.
>
>The standard order for var population in php4 is GET, POST, Cookies
>iirc.
>
>On Mon, Jul 03, 2000 at 01:40:28PM -0500, Danny Rice wrote:
>> Sorry about my lack of clarity, $reauthenticate was set via
>> <INPUT TYPE=SUBMIT NAME=reauthenticate VALUE="Change User">
>>
>> After authentication() I would like the reauthenticate variable to go
>> away.
>
>--
> Scott
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: php-general-unsubscribe <email protected>
>For additional commands, e-mail: php-general-help <email protected>
>To contact the list administrators, e-mail: php-list-admin <email protected>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: clayton collie: "Re: [PHP] Converting Perl to PHP?"
• Previous message: Adam Charnock: "[PHP] HTML Table into 2D array"
• In reply to: scottrus <email protected>: "Re: [PHP] getting rid of form variable definition"
• Next in thread: Rasmus Lerdorf: "Re: [PHP] getting rid of form variable definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs