This is all good but needs to be dealing with the password as a
hash/digest not the real clear text password. I would use SHA1
(SHA-160) or MD5.
Jason k Larson
Web Developer++
AL> The way i do it is have a separate table in the database that keeps track of
AL> users and passwords for the application.
AL> I use the WWW-Authenticate header to get $PHP_AUTH_USER and $PHP_AUTH_PW
AL> I run them through the table using a select query. If I come back with a
AL> match, I set a variable, $auth, equal to true.
AL> If $auth is equal to true, they can perform whatever functions in the page I
AL> have.
AL> I don't have a log out button, but all I would probably do would be set
AL> $auth = false and unset the $PHP... variables.
AL> Adam Lang
AL> Systems Engineer
AL> Rutgers Casualty Insurance Company
AL> http://www.rutgersinsurance.com
AL> ----- Original Message -----
AL> From: "Christian Marschalek" <cm@chello.at>
AL> To: "'Adam Lang'" <aalang@rutgersinsurance.com>
AL> Cc: "[PHP] PostgreSQL" <pgsql-php@postgresql.org>
AL> Sent: Friday, April 27, 2001 11:43 AM
AL> Subject: RE: [PHP] HTTP authentication
