Manual setting $PHP_AUTH_USER

Anon

Im trying to create a situation where I can have a default username and login using basic php authentication. If I specify $PHP_AUTH_USER="guest"; and $PHP_AUTH_PW="pass"; then send a header("Location: second.php"); , second.php can not get $PHP_AUTH_PW and $PHP_AUTH_USER. without passing the info through the URL, how can I specify I global $PHP_AUTH_USER and PW like the browser does?

Anon

HI
I would like to know how do i make a page expire without using session handling.
The problem is.....A user logs in....visits 2 or 3 pages and by clicking the back key on the browser can still come back to the login page where the password and login are entered. All i want to know is how do i stop him from going back to that page.Kindly reply soon as i need it for my project.
I am using Php3.0.16 on Linux.

Anon

Maybe you should use cookies (i.e. setcookie("loggedin","yes"...etc.) rather then PHP_AUTH_USER and apache's security?

Just a suggestion.

Anon

Maybe you should use cookies (i.e. setcookie("loggedin","yes"...etc.) rather then PHP_AUTH_USER and apache's security?

Just a suggestion.

Anon

This just hit me-

PHP_USER_AUTH is a convenience variable gotten from HTML headers. You can read up specifically on it at
http://www.faqs.org/rfcs/rfc2617.html
...in section 11.1.

Basically PHP populates that info based on a header that the browser sends:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

If you can get the browser to send the above variable, then you're in business, and PHP will populate PHP_AUTH_USER for you.

The browser should respond with an "Authorization:" field after it recieves a "WWW-Authenticate: Basic realm="WallyWorld"" header from either apache, or your PHP script. The trouble is that it responds with an Authorization field based on what the user types in, and I can't think of a way that you can force a browser to send you a specific header.

There's a lot of issues here, but it might be easiest to just tell users to log in as guest/guest if they don't have a password.

HTH!

--Robert

Anon

$string = base64_encode($PHP_AUTH_USER.":".$PHP_AUTH_PW);

header("WWW-Authenticate: Basic realm=\"Intranet\"");
header("Authorization: Basic $string\n");

header("Location: files/view.php\n");

I tried this...and the view.php does not get the $PHP_AUTH_USER...I might have to add a few lines in view.php to get the headers and decode the basic string.

Anon

Has anyone actually found a way of authorisation without requiring users to enter the information via browsers??

I have looked everywhere.