nt challenge repsonse login

Anon

hello,

is it possible to use the challenge/response login mechanism provided by ms browsers?

im using apache under linux und think a function set asking the browser for the username/domain and password would be fine.

uwe fechner, germany

Anon

Yep, thou this only works when php is running as an Apache module, check out the php manual "Chapter 16. HTTP authentication with PHP" for more information.

Here's the example code it gives:

<?php
if(!isset($PHP_AUTH_USER))
{
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
}
else
{
echo "Hello $PHP_AUTH_USER.<P>";
echo "You entered $PHP_AUTH_PW as your password.<P>";
}
?>

Of course you'd have to implement your own security code for checking the user's name and password, but I'm betting you already know how to handle that. 🙂

I'm actualy in the process of creating a full user verification system using this methood myself, too bad I can only use it on my production system (FreeBSD) and not on my dev system (Win32 has no Apache Module)