Jeremy,
I don't think it's possible to do what you want, and I have tried finding
a way.
With your "header " you are requestion an http authentication which means
the browser has to store the username and password and send them with EVERY page.
Those are the rules.
The only way to tell the browser to lose the username/password that I've found is to
tell
it that they're incorrect, (even though they are correct). But if you do
that it will go and ask the user to type them in again another three times
before it gives up and drops them.
You'll find that most of your users will probably keep the username/password
even after closing the browser and switching their computer off, which I guess
is even worse as far as you're concerned.
I hope I'm wrong but if you really must get them to enter username/password
every time, I think you'll have to create your own login box and forget
about http authentication.
It might be worth posting your question to an apache newsgroup as well. Even
if you're not using Apache, you should find those guys know just about everything
there is to know about http authentication.
Good Luck and I hope I'm wrong!
George
Jeremy Morano wrote:
>
> Hi everone...
> I'm having a little problem. The code below pops up a password dialog box
> where the user types in a username and a password to be able to proceed.
> However, if the user does not close the browser and goes back to the link,
> which they pops up the diolog box again and they don't have to type in there
> username and password again. They are remembered. I would like it so that
> the user has to type in there username and password any and every time that
> the diolog box is called on. Doe anyone know how to do this? I tried to
> clear the contents of PHP_AUTH_USER and PHP_AUTH_PW at the top of the page
> but that just messed things up. Can someone please help me?
>
> <?
> session_start();
> session_register("PHP_AUTH_USER");
>
> if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW))
>
> // Connect to MySQL
>
> mysql_connect( 'l', 'c', 'c' )
> or die ( 'Unable to connect to server.' );
>
> // Select database on MySQL server
>
> mysql_select_db( 'contact' )
> or die ( 'Unable to select database.' );
>
> // Formulate the query
>
> $sql = "SELECT * FROM users WHERE
> username = '$PHP_AUTH_USER' AND
> password = '$PHP_AUTH_PW'";
>
> // Execute the query and put results in $result
>
> $result = mysql_query( $sql )
> or die ( 'Unable to execute query.' );
>
> // Get number of rows in $result.
>
> $num = mysql_numrows( $result );
>
> if ( $num != 0 )
>
> // A matching row was found - the user is authenticated.
>
> $auth = true;
>
> }
>
> }
>
> if ( ! $auth )
>
> header( 'WWW-Authenticate: Basic realm="Private"' );
> header( 'HTTP/1.0 401 Unauthorized' );
> echo 'Authorization Required.';
> exit;
>
> } else
>
> session_start();
>
> }
>
> if ($valid != "yes") {
> header("Location: contact_menu.php");
> exit;
> }
>
> ?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
