I had learnt about this authentication in php two days ago and applied on a practice website
<?php
require_once('serverconnect.php');
if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Mismatch"');
exit('<center><h1>Sorry, you must be logged in to access this website</h1></center>');
}
$dbc = connect();
$username = mysqli_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_USER']));
$password = mysqli_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_PW']));
$query = "select user_id, username from mismatch_user where username='$username' and pass=SHA1('$password')";
$result = mysqli_query($dbc, $query) or die('Error in querying the database');
if(mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_array($result);
$username = $row['username'];
$password = $row['pass'];
}
else {
header('HTTP/1.1 401 Unauthorized');
header('WWW-Auhtenticate: Basic realms="Mismatch"');
exit('<center><h1>Sorry, you must be logged in to access this website</h1></center>');
}
echo '<p> You are looged in as'.$username.'</p>';
?>
It works fine when this page is loaded for first time but once entered any wrong value in the username and password field, clicking the cancel button and loading the page further does not bring back that authentication window. May be there would be cache problem, please suggest me what should i do to make the page ask the authentication each time it is loaded except saving the password by the browser
