SitePoint Sponsor |
|
User Tag List
Results 1 to 9 of 9
-
Dec 10, 2006, 11:03 #1
Question about $_SERVER['PHP_AUTH_PW']
I'm currently creating a site where users have to enter a password to enter a certain area. They only need to enter a password, no username. All users use the same password to enter the area. I want to use $_SERVER['PHP_AUTH_PW'] to achieve this. I have the following question:
1. When members enter the password in a the form and hit the submit button I first check if the password is correct and then I define $_SERVER['PHP_AUTH_PW'] = $password. I assume that this is a correct way to give $_SERVER['PHP_AUTH_PW'] a value?
2. Do I need to send the password as a hidden variable everytime I call the script or is this done automatically?
-
Dec 10, 2006, 11:09 #2
- Join Date
- Mar 2006
- Posts
- 6,132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
see
http://www.php.net/manual/en/features.http-auth.php
due the the restriction of php having to run as an apache module, personally, id go a different route.
just give them a form to enter the password into, validate it, if its good, start a session and set a logged_in var to true.
-
Dec 10, 2006, 11:12 #3
-
Dec 10, 2006, 11:41 #4
- Join Date
- Mar 2006
- Posts
- 6,132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
something like
PHP Code:session_start();
if (isset($_POST['pass'])) {
if ($_POST['pass'] == 'foo') {
$_SESSION['auth'] = true;
} else {
$_SESSION['auth'] = false;
}
}
if (empty($_SESSION['auth'])) {
echo 'the login form...';
exit;
}
-
Dec 10, 2006, 11:58 #5
Its much better and more secure to use Sessions, if you use server variables there is a potential security risk as server variables can be accessed through phpinfo();
-
Dec 10, 2006, 12:24 #6
-
Dec 10, 2006, 12:29 #7
As far as bandwidth goes - there will be no difference as bandwidth is the amount of data transmitted to and from your server to the client, all php processing is done on the server side and so does not take up any bandwidth. If you mean processing time, I am not too sure, but I would estimate that about 90% of all php sites with login systems will use sessions. It is certainly the best way to do it.
-
Dec 10, 2006, 12:44 #8
I never liked using Session on a busy site. I only use Session in de user login area. I always thought that using Session on a very busy site causes lots of extra processing time for the server because of all the session variables it has to manage. Am I right in thinking this?
-
Dec 10, 2006, 13:12 #9
- Join Date
- Mar 2006
- Posts
- 6,132
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
its extra processing if your putting data into a session thats not needed.
if the data is needed, then you must fetch the data somehow. this is what sessions are designed for, and are quite fast. but yes, everything you do requires extra processing(whether it be sessions or not).
whats your alternative? a database? do you not think a database has overhead?
Bookmarks