Questions about the Header Function in PHP

T

TS Moderator1

Here is an example from the PHP Manual

<?php

if ((!isset($_SERVER['PHP_AUTH_USER'])) || (1==1)) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</
p>";
}
?>

Questions.

1. This is a status code not a header, right? => header('HTTP/1.0
401 Unauthorized');

2. According to the change log in the PHP manual, starting with 4.4.2
and 5.1.2 the header function now prevents more than one header to be
sent at once as a protection against header injection attacks. Does
this mean if I make multiple header calls the headers will be sent in
multiple response messages to the browser? Is this allowed? Can a
server send multiple response messages to one request?]

3. If you hit the "cancel" button on the browser user name/password
request dialog (as alluded to in the code snippet above), what message
does the browser send to the server.
 
J

J.O. Aho

TS said:
1. This is a status code not a header, right? => header('HTTP/1.0
401 Unauthorized');
Click to expand...

Status codes are sent in the header.

2. According to the change log in the PHP manual, starting with 4.4.2
and 5.1.2 the header function now prevents more than one header to be
sent at once as a protection against header injection attacks. Does
this mean if I make multiple header calls the headers will be sent in
multiple response messages to the browser? Is this allowed? Can a
server send multiple response messages to one request?]
Click to expand...

Not sure about this, the header() function do not have any limitation and if
there would be one header per request you would loose much of the
functionality of the headers.

3. If you hit the "cancel" button on the browser user name/password
request dialog (as alluded to in the code snippet above), what message
does the browser send to the server.
Click to expand...

The browser don't send anything at all.


These questions had been more properly been asked in alt.php.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

PHP cURL for large content and single HTTP request 1
Survey details won't go through using php, ajax, Mysql 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Why is this WordPress comments form not submitting? 1
HCaptcha - How to stop page from refreshing on submit if captcha is not checked/validated 1
Script works fine on test server but not on production server 3
I Need Help with making a function that draws in a canvas using location data. 1
urllib2: correct way how to add a header to the *initial* request? 0

Members online

Total: 31 (members: 1, guests: 30)
Robots: 98

Forum statistics

Threads
473,780
Messages
2,569,611
Members
45,269
Latest member
vinaykumar_nevatia23

Latest Threads

Top