Hi,
With the following code, I authenticate a user correctly, and dismiss it if authentication failed. Although I can't figure out how to let them retry by hitting the back button and then re-clicking on the protected link. $PHP_AUTH_USER will stay set no matter what. PHP docs won't get me anywhere. Here are things I tried:
<?php
if (!isset($_SERVER['PHP_AUTH_USER']))
{
    header("WWW-Authenticate: Basic realm=\"Protected Area\"");
    header("HTTP/1.0 401 Unauthorized");
    echo "Unauthorized access\n";
    exit;
}
else
{
    // lookup the password table in mySQL table
    // mysql_connect etc etc
    $numRows = mysql_num_rows( $result );
    if($numRows != 1)
    {
        // lines of code I tried here
        //$_SERVER['PHP_AUTH_USER'] = "" //here I was desperate
        //header("HTTP/1.0 401 Unauthorized"); //didn't work although php docs says so
        //unset( $_SERVER['PHP_AUTH_USER'] ); //didn't work although it should ARGH!
        echo 'Authentication failed. Hit the "BACK" button and try again';
    }
    else
    {
        // authentication succeeded. echo the page here.
        echo 'bla bla bla';
    }
}
?>
So, it is as if $PHP_AUTH_USER will stay set no matter what.
Thank you everyone.
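
Added example, not part of the original post: in the code above the failed-lookup branch returns an ordinary page, so the browser keeps replaying the Basic credentials it cached for the realm, and clearing $_SERVER on the server cannot change what the client sends. The PHP below answers missing and wrong credentials with the same 401 plus WWW-Authenticate challenge, which is what makes the browser prompt again. The $users array, the "alice" account and the challenge() and credentials_ok() helpers are assumptions standing in for the MySQL password table.

```php
<?php
// Added example, not the poster's code. $users stands in for the MySQL
// password table; the account and password are constructed sample values.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Send the Basic challenge and stop. Browsers cache credentials per realm
// and replay them on every request; a fresh 401 with WWW-Authenticate is
// what makes them drop the rejected pair and ask the user again.
function challenge(string $realm): void
{
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Unauthorized access\n";
    exit;
}

// True only when the user exists and the password matches the stored hash.
function credentials_ok(array $users, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false;
    }
    $hash = $users[$user] ?? null;
    return $hash !== null && password_verify($pass, $hash);
}

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

if (!credentials_ok($users, $user, $pass)) {
    // Missing and wrong credentials take the same path, so a failed
    // attempt ends in a new prompt instead of a dead-end error page.
    challenge('Protected Area');
}

// Authentication succeeded: escape the name before echoing it back.
echo 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```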