For know I have the flowing functionality:
If the user go to another page it will get "401 access denied" because there isn't authenticate header in that request. And that is the problem.
I'm using basic HTTP authentication to consume REST web services from a joomla component and my users don't have to type in anything (the only have to log in on joomla once). I just grab the user already logged in and then i send it to my web service using CURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//$username and $pass are the vars that will be used for authentication you can get them from your session or a cookie or in my case i got them from joomla JFactory::getUser()->username and JFactory::getUser()->password
curl_setopt($ch, CURLOPT_USERPWD, JFactory::getUser()->username.':'.JFactory::getUser()->password);
//here comes the important thing
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response=curl_exec($ch);
On the other side you just have to check $_SERVER['PHP_AUTH_USER']
and $_SERVER['PHP_AUTH_PW']
against your database and you're done
if (!isset($_SERVER['PHP_AUTH_USER'])||$_SERVER['PHP_AUTH_USER']==''||!isset($_SERVER['PHP_AUTH_PW'])||$_SERVER['PHP_AUTH_PW']=='') {
header('WWW-Authenticate: Basic realm="Something"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must be a valid user to access this contents';
exit;
} else {
// go to your database check they are valid and return whatever you want to return
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With