Re: HTTP authentication

The way i do it is have a separate table in the database that keeps track of
users and passwords for the application.

I use the WWW-Authenticate header to get $PHP_AUTH_USER and $PHP_AUTH_PW

I run them through the table using a select query. If I come back with a
match, I set a variable, $auth, equal to true.

If $auth is equal to true, they can perform whatever functions in the page I
have.

I don't have a log out button, but all I would probably do would be set
$auth = false and unset the $PHP... variables.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Christian Marschalek" <cm(at)chello(dot)at>
To: "'Adam Lang'" <aalang(at)rutgersinsurance(dot)com>
Cc: "[PHP] PostgreSQL" <pgsql-php(at)postgresql(dot)org>
Sent: Friday, April 27, 2001 11:43 AM
Subject: RE: [PHP] HTTP authentication

> I guess simple HTTP authentication where I get the username and pass and
> check it with the database... Maybe encrypting.
>
> What would you recommend? I haven't done something like that before.
> It's my first project which needs authentication!
>
> Don't have a clue:)
>
> > -----Original Message-----
> > From: pgsql-php-owner(at)postgresql(dot)org
> > [mailto:pgsql-php-owner(at)postgresql(dot)org] On Behalf Of Adam Lang
> > Sent: Thursday, April 26, 2001 9:10 PM
> > To: pgsql-php(at)postgresql(dot)org
> > Subject: Re: [PHP] HTTP authentication
> >
> >
> > Are you doing authentication using sessions? Are you using
> > timestamps in a database? Are you using http-auth? etc.
> >
> > There are several ways to do authentication and if you want
> > to do a "logout" button, the code would need to clear
> > whatever is holding references to that login... hence you
> > need to say how you are doing authentication so you know what
> > needs to be cleaned up with a log out code.
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company http://www.rutgersinsurance.com
> > ----- Original Message -----
> > From: "Christian Marschalek" <cm(at)chello(dot)at>
> > To: "'Adam Lang'" <aalang(at)rutgersinsurance(dot)com>
> > Sent: Thursday, April 26, 2001 3:03 PM
> > Subject: RE: [PHP] HTTP authentication
> >
> >
> > > Can't see how this answers my questions :o)
> > >
> > > What matters?
> > >
> > > How would you do it?
> > >
> > > Thanks for your time, Chris
> > >
> > > > -----Original Message-----
> > > > From: pgsql-php-owner(at)postgresql(dot)org
> > > > [mailto:pgsql-php-owner(at)postgresql(dot)org] On Behalf Of Adam Lang
> > > > Sent: Thursday, April 26, 2001 8:42 PM
> > > > To: pgsql-php(at)postgresql(dot)org
> > > > Subject: Re: [PHP] HTTP authentication
> > > >
> > > >
> > > > It matters. There are about a dozen ways to do authentication.
> > > >
> > > > Adam Lang
> > > > Systems Engineer
> > > > Rutgers Casualty Insurance Company http://www.rutgersinsurance.com
> > > > ----- Original Message -----
> > > > From: "Christian Marschalek" <cm(at)chello(dot)at>
> > > > To: <pgsql-php(at)postgresql(dot)org>
> > > > Sent: Thursday, April 26, 2001 12:45 PM
> > > > Subject: [PHP] HTTP authentication
> > > >
> > > >
> > > > > Hi all!
> > > > >
> > > > > I've read about http authentication with PHP in the PHP manual.
> > > > >
> > > > > Now I wonder how I can make a logout button in the way its
> > > > supposed to
> > > > > be
> > > > done? The manual mentions something about the headers but
> > that this
> > > > way does not work correct on all browsers...
> > > > >
> > > > > Furthermore I wonder how secure this way is?
> > > > >
> > > > > Tia
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > > > > broadcast)---------------------------
> > > > > TIP 2: you can get off all lists at once with the
> > unregister command
> > > > > (send "unregister YourEmailAddressHere" to
> > > > majordomo(at)postgresql(dot)org)
> > > >
> > > >
> > > > ---------------------------(end of
> > > > broadcast)---------------------------
> > > > TIP 4: Don't 'kill -9' the postmaster
> > > >
> >
> >
> > ---------------------------(end of
> > broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> http://www.postgresql.org/search.mpl