Re: HTTP authentication

This is all good but needs to be dealing with the password as a
hash/digest not the real clear text password.  I would use SHA1
(SHA-160) or MD5.

Jason k Larson
Web Developer++


AL> The way i do it is have a separate table in the database that keeps track of
AL> users and passwords for the application.

AL> I use the WWW-Authenticate header to get $PHP_AUTH_USER and $PHP_AUTH_PW

AL> I run them through the table using a select query.  If I come back with a
AL> match, I set a variable, $auth, equal to true.

AL> If $auth is equal to true, they can perform whatever functions in the page I
AL> have.

AL> I don't have a log out button, but all I would probably do would be set
AL> $auth = false and unset the $PHP... variables.

AL> Adam Lang
AL> Systems Engineer
AL> Rutgers Casualty Insurance Company
AL> http://www.rutgersinsurance.com
AL> ----- Original Message -----
AL> From: "Christian Marschalek" <cm@chello.at>
AL> To: "'Adam Lang'" <aalang@rutgersinsurance.com>
AL> Cc: "[PHP] PostgreSQL" <pgsql-php@postgresql.org>
AL> Sent: Friday, April 27, 2001 11:43 AM
AL> Subject: RE: [PHP] HTTP authentication