NYCPHP Meetup

NYPHP.org

[nycphp-talk] NEW PHundamentals Question - HTTP Authentication

Tim Gales tgales at tgaconnect.com
Sun Oct 24 13:33:21 EDT 2004


csnyder writes:

> But I think this is a PHundamental because of PHP's built-in 
> support for requesting a username and password via Basic 
> Authentication. The idea is that you put:
> 
>    header( 'WWW-Authenticate: basic realm="Members Only" ' );
>    header( 'HTTP/1.0 401 Unauthorized' ); 

Perhaps it could be mentioned that if you use prepends or includes, 
it might be wise to put in a check to see if the headers have 
already been sent. Otherwise with error notification turned down low,   
you might miss the fact that the headers you are trying to send 
are not going out. Something like:

if (headers_sent($filename, $linenum)) {
   trigger_error( "Problem: Headers already sent in $filename on line
$linenum ");
   exit;
} 

header( 'whatever...

And further it could be pointed out that it is a 
*bad* practice (worse than usual) to use PHP versions 
before 4.3.4, if you plan to use headers_sent.

see:
 http://bugs.php.net/bug.php?id=25701 

(if you move up to PHP 5 and you could use headers_list 
http://us2.php.net/headers_list to see what's going on --  
or will go on -- with headers)

T. Gales & Associates
'Helping People Connect with Technology'

http://www.tgaconnect.com


---
Outgoing mail checked
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.778 / Virus Database: 525 - Release Date: 10/15/2004
 




More information about the talk mailing list