Questions about 'PHP_AUTH_USER'

Ask a Question related to PHP Development, Design and Development.

  1. datactrl #1

    Default Questions about 'PHP_AUTH_USER'

    Hi, all

    If I use my login page to ask the user name and password instead of using
    header(), is that possible I can save the user name and password in
    $_SERVER['PHP_AUTH_USER'] and $_SERVRER['PHP_AUTH_PW'] for the whole
    session. Or I just save it in $_SESSION variable. And is that securable in a
    general level?


    Jack


    datactrl Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. #35752 [Com]: PHP_AUTH_USER and PHP_AUTH_PW not available when using FastCGI
      ID: 35752 Comment by: phpbugs at thequod dot de Reported By: fcu-phpbugs at no-way dot org Status: Assigned...
    2. #35752 [Opn->Asn]: PHP_AUTH_USER and PHP_AUTH_PW not available when using FastCGI
      ID: 35752 Updated by: dmitry@php.net Reported By: fcu-phpbugs at no-way dot org -Status: Open +Status: ...
    3. Apache 2.0 and PHP_AUTH_USER
      I'm trying to get PHP authentication (using the headers to request authentication, and then checking $_SERVER and $_SERVER) - however, no matter...
    4. Two questions about PHP 5
      When is it supposed to be released? The example for the __call() function leaves something to be desired at the bottom of...
    5. 2 questions :) - portal questions
      Say the portal displays a relationship that uses the Box_ID field as the match field on both sides. In the child file (items in the box), add two...
  2. Colin McKinnon #2

    Default Re: Questions about 'PHP_AUTH_USER'

    datactrl wrote:
    > Hi, all
    >
    > If I use my login page to ask the user name and password instead of using
    > header(), is that possible I can save the user name and password in
    > $_SERVER['PHP_AUTH_USER'] and $_SERVRER['PHP_AUTH_PW'] for the whole
    > session. Or I just save it in $_SESSION variable. And is that securable in
    > a general level?
    >
    Even if you could set the SERVER variables they will get overwritten by the
    next request from the browser (which doesn't know to send the parameters
    nor what values to use since you are using a form to collect the data).

    The session would be the obvious place to keep it, but storing the password
    in the session gives no advantage but does provide another place for any
    cracker to look in for authentication details after they've broken into
    your system.

    HTH

    C.
    Colin McKinnon Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139