NYCPHP Meetup

[nycphp-talk] Firefox and authentication

Zakir Tariverdiev zakir_tariverdiev at yahoo.com
Sat Jan 31 04:09:34 EST 2009


Perhaps you'll find the answer here:
http://www.php-center.de/en-html-manual/features.http-auth.html

--- On Fri, 1/30/09, Michele Waldman <mmwaldman at nyc.rr.com> wrote:
From: Michele Waldman <mmwaldman at nyc.rr.com>
Subject: [nycphp-talk] Firefox and authentication
To: "'NYPHP Talk'" <talk at lists.nyphp.org>, javascript-7 at meetup.com, linux-392 at meetup.com
Date: Friday, January 30, 2009, 9:30 PM




 
 






I’m trying to switch from basic authentication to digest.  I’m working in Firefox, which is why.

   

 I’m using mod_auth_mysql for most of the account. 

     <Files login.php>        Logged in as Basic
         AuthType Basic
         AuthName "The space"
         require group agroup
     </Files>

     <Files logout.php>      Want to call a script protected by digest
         AuthType Digest
         AuthName "The Space"
         AuthUserFile /home/path/.htpasswd
         Require user nonexistent
     </Files>

   

To log off, I’m using: 

     olxmlHttp.open("GET", "logout.php", false, "logoff", "logoff");
     olxmlHttp.setRequestHeader('Authorization', 'Digest');
     olxmlHttp.send(null);
     olxmlHttp.abort(); //* commented out right now

In the .htaccess file I have: 

   

In the domain error log I get:

     Digest: client used wrong authentication scheme `Basic': /path/force_logout.php, referer: https://domain/path/

Then a popup window opens. 
 

When I type the wrong user/password, in the error log I get:

     Digest: user `b' in realm `The Space' not found: /path/logout.php, referer: https://domain/path

   

Does anyone know how to switch between authentication types from a script?  I was thinking setRequestHeader would work.

In phpinfo() on a script in the same directory, I have:

     HTTP Request    GET /path/file HTTP/1.1
     User-Agent      Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
     Accept
     Keep-Alive      300
     Connection      keep-alive
     Cookie          PHPSESSID=whatever
     Authorization   Digest username="user", realm="My Site", nonce="value", uri="script", algorithm=MD5, response="value", qop=auth, nc=00000001, cnonce="value

   

What I’m not sure of is what the server is looking at.  The authorization value in the client header?  Is that dictating what should happen?  Httpd is complaining wrong Authentication Scheme, which makes me think server side Authenticate header, which is what I was trying for a while until I realized I was on the client.

Can I change the headers and it will work?  Is this the right thing to do?

I dabbled a little with setting different Authorization header values.

But, I need a break and could use some advice.

Michele 

   



 

_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php