If HTTP authentification exists, like this:
if ($_SERVER['PHP_AUTH_USER'] === '...' && $_SERVER['PHP_AUTH_PW'] === '...') { // Process user login. } else { header('WWW-Authenticate: Basic realm="Zone"); header('HTTP/1.0 401 Unauthorized'); die("Please enter username and password."); }
Why google, facebook, everyone is using custom forms to perform authentifications? Am I missing something here?
Advertisement
Answer
The PHP_AUTH_USER
and PHP_AUTH_PW
server variables are by default set when the server is configured with basic authentication and if the client provides credentials through an authentication header.
Sites generally don’t use basic authentication because its user experience in browsers is … horrific.
Using a login form and a POST handler that processes the form, sites can provide a user-friendly, customized login experience.