I want give my users 3 chances to login.
Here's my code
<?php
if(!isset($PHP_AUTH_USER))
{
header("WWW-Authenticate: Basic realm=\"My Realm\"");
header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
}
else
{
//db connect statement here
//select a database statement here
//$QUERY="SELECT * from accounts where login = ".$PHP_AUTH_USER." AND password= ".$PHP_AUTH_PW;
//$RecordSet=mysql_query($QUERY);
//if(mysql_num_rows($RecordSet)=1)
if($PHP_AUTH_USER!="testl" || $PHP_AUTH_PW!="testp")
{
$attempts++;
if($attempts>=3)
{
echo "you are unwelcome here";
echo "<BR>";
echo $PHP_AUTH_USER;
}
else
{
echo "try again<BR>";
echo "ok, but how?<BR>";
echo "Good Question.";
}
}
else
{
echo "Welcome into my site All the other code goes here";
}
}
?>
It seems like once PHP_AUTH_USER gets set you have to close the browser to unset it. I want a way around that. I hate sending headers.
It may be something easy but I'm wiped out right now.
I submit this request to the php masters if the hope they will guide me to the truth. amen.
