Re: HTTP authentication

You are correct.  I was keeping it simple since his original question was
merely on the "logout" button.


Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Jason k Larson" <jlarson@harrison.org>
To: "PgSQL-PHP" <pgsql-php@postgresql.org>
Sent: Friday, April 27, 2001 2:46 PM
Subject: Re: [PHP] HTTP authentication


> This is all good but needs to be dealing with the password as a
> hash/digest not the real clear text password.  I would use SHA1
> (SHA-160) or MD5.
>
> Jason k Larson
> Web Developer++
>
>
> AL> The way i do it is have a separate table in the database that keeps
track of
> AL> users and passwords for the application.
>
> AL> I use the WWW-Authenticate header to get $PHP_AUTH_USER and
$PHP_AUTH_PW
>
> AL> I run them through the table using a select query.  If I come back
with a
> AL> match, I set a variable, $auth, equal to true.
>
> AL> If $auth is equal to true, they can perform whatever functions in the
page I
> AL> have.
>
> AL> I don't have a log out button, but all I would probably do would be
set
> AL> $auth = false and unset the $PHP... variables.
>
> AL> Adam Lang
> AL> Systems Engineer
> AL> Rutgers Casualty Insurance Company
> AL> http://www.rutgersinsurance.com
> AL> ----- Original Message -----
> AL> From: "Christian Marschalek" <cm@chello.at>
> AL> To: "'Adam Lang'" <aalang@rutgersinsurance.com>
> AL> Cc: "[PHP] PostgreSQL" <pgsql-php@postgresql.org>
> AL> Sent: Friday, April 27, 2001 11:43 AM
> AL> Subject: RE: [PHP] HTTP authentication
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly