Implementing Authentication with PHP and MySQL CHAPTER 14 315 The code in Listing acts in a very similar way to the previous listings in this chapter. If the user has not yet provided authentication information, it will be requested. If she has provided incorrect information, she is given a rejection message. If she provides a matching namepassword pair, she is presented with the contents of the page. The user will see an interface somewhat different from the previous listings. We are not providing an HTML form for login information. The user’s browser will present her with a dialog box. Some people. | Implementing Authentication with PHP and MySQL 315 Chapter 14 The code in Listing acts in a very similar way to the previous listings in this chapter. If the user has not yet provided authentication information it will be requested. If she has provided incorrect information she is given a rejection message. If she provides a matching namepassword pair she is presented with the contents of the page. The user will see an interface somewhat different from the previous listings. We are not providing an HTML form for login information. The user s browser will present her with a dialog box. Some people see this as an improvement others would prefer to have complete control over the visual aspects of the interface. The login dialog box that Internet Explorer provides is shown in Figure . Figure The user s browser is responsible for the appearance of the dialog box when using HTTP authentication. Because the authentication is being assisted by features built in to the browser the browsers choose to exercise some discretion in how failed authorization attempts are handled. Internet Explorer lets the user try to authenticate three times before displaying the rejection page. Netscape Navigator will let the user try an unlimited number of times popping up a dialog box to ask Authorization failed. Retry between attempts. Netscape only displays the rejection page if the user clicks Cancel. As with the code given in Listing and we could include this code in pages we wanted to protect or automatically prepend it to every file in a directory. 14 Implementing Authentication 316 E-commerce and Security Part III Using Basic Authentication with Apache s .htaccess Files We can achieve very similar results to the previous script without writing a PHP script. The Apache Web server contains a number of different authentication modules that can be used to decide the validity of data entered by a user. The easiest to use is mod_auth which compares name-password pairs
