SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question about $_SERVER['PHP_AUTH_PW']

    I'm currently creating a site where users have to enter a password to enter a certain area. They only need to enter a password, no username. All users use the same password to enter the area. I want to use $_SERVER['PHP_AUTH_PW'] to achieve this. I have the following question:

    1. When members enter the password in a the form and hit the submit button I first check if the password is correct and then I define $_SERVER['PHP_AUTH_PW'] = $password. I assume that this is a correct way to give $_SERVER['PHP_AUTH_PW'] a value?

    2. Do I need to send the password as a hidden variable everytime I call the script or is this done automatically?
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  2. #2
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    see
    http://www.php.net/manual/en/features.http-auth.php

    due the the restriction of php having to run as an apache module, personally, id go a different route.

    just give them a form to enter the password into, validate it, if its good, start a session and set a logged_in var to true.

  3. #3
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by clamcrusher View Post
    see
    http://www.php.net/manual/en/features.http-auth.php

    due the the restriction of php having to run as an apache module, personally, id go a different route.
    I did, but I still had those 2 questions. I donīt want to display an authentication popup, just a simple form on the page asking for the username.
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  4. #4
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    something like
    PHP Code:
    session_start();

    if (isset(
    $_POST['pass'])) {
        if (
    $_POST['pass'] == 'foo') {
            
    $_SESSION['auth'] = true;
        } else {
            
    $_SESSION['auth'] = false;
        }
    }

    if (empty(
    $_SESSION['auth'])) {
        echo 
    'the login form...';
        exit;

    calling something like that as an include on every page should do what you want. its critical that its the very first thing in any script which needs to be protected.

  5. #5
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Its much better and more secure to use Sessions, if you use server variables there is a potential security risk as server variables can be accessed through phpinfo();

  6. #6
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mrwooster View Post
    Its much better and more secure to use Sessions, if you use server variables there is a potential security risk as server variables can be accessed through phpinfo();
    Does using Session use "more bandwidth" than not using Session?
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  7. #7
    SitePoint Evangelist mrwooster's Avatar
    Join Date
    Jan 2006
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As far as bandwidth goes - there will be no difference as bandwidth is the amount of data transmitted to and from your server to the client, all php processing is done on the server side and so does not take up any bandwidth. If you mean processing time, I am not too sure, but I would estimate that about 90% of all php sites with login systems will use sessions. It is certainly the best way to do it.

  8. #8
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mrwooster View Post
    As far as bandwidth goes - there will be no difference as bandwidth is the amount of data transmitted to and from your server to the client, all php processing is done on the server side and so does not take up any bandwidth. If you mean processing time, I am not too sure, but I would estimate that about 90% of all php sites with login systems will use sessions. It is certainly the best way to do it.
    I never liked using Session on a busy site. I only use Session in de user login area. I always thought that using Session on a very busy site causes lots of extra processing time for the server because of all the session variables it has to manage. Am I right in thinking this?
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  9. #9
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its extra processing if your putting data into a session thats not needed.

    if the data is needed, then you must fetch the data somehow. this is what sessions are designed for, and are quite fast. but yes, everything you do requires extra processing(whether it be sessions or not).

    whats your alternative? a database? do you not think a database has overhead?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •