问题
In PHP I'm trying to create a basic HTTP authentication login (the one that pops up). Its my understanding this is done through a header, and this is my header:
header("WWW-Authenticate: Basic realm='Secure Area'");
After that, I check to see if the input username or password is incorrect, and if it is I execute one function or another:
if ($_SERVER["PHP_AUTH_USER"] != $username || $_SERVER["PHP_AUTH_PW"] != $password)
{
quit();
}
else
{
main();
}
However, when I test my code, and I enter the correct username and password and press "Log In" the login popup box just opens again, after the second time opening, I can press "Cancel" and it takes me to the result of the main function, but if I just keep pressing "Log In" it just keeps popping up.
Other than that, it works normally. If I press "Cancel" without correctly entering the username or password first it will quit. However, I need to resolve the problem of this seemingly 'endless login'.
How can I fix it?
回答1:
I guess you are resending the authenticate header even after the user is authenticated. Move the header() call into the if block, instead of quit().
来源:https://stackoverflow.com/questions/6908394/why-is-it-that-when-i-use-http-authentication-with-php-it-doesnt-close-until-i