[Wylug-help] HTTP authentication error redirector

Gary Stainburn gary.stainburn at ringways.co.uk
Fri, 24 Jan 2003 12:28:26 +0000 

On Thursday 23 Jan 2003 10:41 pm, lotusblossom@blueyonder.co.uk wrote:
> I could be wrong, but I think you just add it into the header:
>
> Replace your echo with :
>
> header("Location: http://www.stainburn.com/nymr/noentry.html?$secure");
>
> Hope this helps
> Rachel
> ---
> Rachel Harding
> mailto:LotusBlossom@Blueyonder.co.uk
>

Hi Rachel,

I've already tried that but it doesnt work. It simply actioned the Location:
immediately without first prompting for the username and password.  (Also,
the feedback form didn't render in IE!)

Judging by the way wget behaves, this appears to be either because Apache/PHP
seems to be sending the Location: header in preference to the other two
headers, or the browser's and accepting it in preference.

If I changed the header to echo it simply produced a text/plain document with
the syntax showing.

Both browsers behaved identically in all these tests.

One thing I have thought about but I don't know how to do it is have a
Javascript routine called when the page is loaded, and have it redirect the
browser somehow.

Anyone got suggestions?

Gary

>
>
>
> Gary Stainburn <gary.stainburn@ringways.co.uk>
> Sent by: wylug-help-admin@wylug.org.uk
> 23/01/2003 17:00
>
>         To:     wylug-help@wylug.org.uk
>         cc:
>         Subject:        [Wylug-help] HTTP authentication error redirector
>
>
> Hi folks,
>
> I've got the following code which works great on Netscape/Mozilla
> browsers.
> If the user hits the escape key at the user ID and password window, the
> text
> specified is rendered in the browser and the user is redirected to the
> relevent error page.
>
> However, this doesn't work with MS browsers as they don't honour the
> HTTP-EQUIV meta-tag.  Has anyone got a workaround that I could try?
>
>   function getauth($realm) {
>     if (!$realm) {
>       $realm='Restricted NYMR';
>     }
>     global $secure;
>     header("WWW-Authenticate: Basic realm=\"$realm\"");
>     header('HTTP/1.0 401 Unauthorized');
>     echo("<html><head><title>Unauthorised access</title><meta
> http-equiv=\"Location\"
> content=\"http://www.stainburn.com/nymr/noentry.html?$secure\"></head><body
>></body></html>"); exit;
>   }

--
Gary Stainburn

This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000