Questions about the Header Function in PHP
am 02.07.2007 05:48:58 von TS Moderator1Here is an example from the PHP Manual
if ((!isset($_SERVER['PHP_AUTH_USER'])) || (1==1)) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "
Hello {$_SERVER['PHP_AUTH_USER']}.
";echo "
You entered {$_SERVER['PHP_AUTH_PW']} as your password.
p>";
}
?>
Questions.
1. This is a status code not a header, right? => header('HTTP/1.0
401 Unauthorized');
2. According to the change log in the PHP manual, starting with 4.4.2
and 5.1.2 the header function now prevents more than one header to be
sent at once as a protection against header injection attacks. Does
this mean if I make multiple header calls the headers will be sent in
multiple response messages to the browser? Is this allowed? Can a
server send multiple response messages to one request?]
3. If you hit the "cancel" button on the browser user name/password
request dialog (as alluded to in the code snippet above), what message
does the browser send to the server.