I have site1.com, there is a basic ath form with the user and the original proof has been found near 2. com. When users submit their pass and user name in site 1. com, they need to redirect them to the site 2. com without the original asen credentials because they just enter them on site1.com
& lt? Php if ($ _SESSION ['http_logged']! = 1) {} (! ($ _ SERVER ['PHP_AUTH_USER']) || Isset ($ _ SERVER ['PHP_AUTH_PW']) {header ('WWW-authentication : Basic Realm = "Good day"); Header ('HTTP / 1.0401 unauthorized'); Echo "<"> Title <401 Authority Required ; & lt; ; / Title> gt; & lt; body & gt; "echo" & lt; h1 & gt; authorization is required & lt; / h1 & gt; "$ _SESSION ['http_logged '] = 1; Exit;} and {$ Credential = $ _ server [' PHP_AUTH_USER ']. ":". $ _ SERVER [' PHP_AUTH_PW ']; header (' location: site2.com '); header ( "Authorization: Basic". Base64_encode ($ credentials)); $ _SESSION ['http_logged'] = 0;}? & Gt; I have 2 problems: 1. When the user cancels the press and after returning to the page, thebasic auth form is no longer showing only after restarting the browser again The credentials site 2. com is sent to the site 2. com.
Am I doing the wrong thing?
You are confused with a customer though a server is quite confusing.
In short, You can not tell the browser to authorize another site using the original proof. Period. Use cookies and cross-site authentication instead.
No comments:
Post a Comment