Specifications

The code in Listing 14.4 acts in a very similar way to the previous listings in this chapter. If

the user has not yet provided authentication information, it will be requested. If she has pro-

vided incorrect information, she is given a rejection message. If she provides a matching name-

password pair, she is presented with the contents of the page.

The user will see an interface somewhat different from the previous listings. We are not pro-

viding an HTML form for login information. The user’s browser will present her with a dialog

box. Some people see this as an improvement; others would prefer to have complete control

over the visual aspects of the interface. The login dialog box that Internet Explorer provides is

shown in Figure 14.4.

Implementing Authentication with PHP and MySQL

HAPTER 14

IMPLEMENTING

AUTHENTICATION

315

FIGURE 14.4

The user’s browser is responsible for the appearance of the dialog box when using HTTP authentication.

Because the authentication is being assisted by features built in to the browser, the browsers

choose to exercise some discretion in how failed authorization attempts are handled. Internet

Explorer lets the user try to authenticate three times before displaying the rejection page.

Netscape Navigator will let the user try an unlimited number of times, popping up a dialog box

to ask, “Authorization failed. Retry?” between attempts. Netscape only displays the rejection

page if the user clicks Cancel.

As with the code given in Listing 14.1 and 14.2, we could include this code in pages we

wanted to protect, or automatically prepend it to every file in a directory.

18 7842 CH14 3/6/01 3:35 PM Page 315