<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>
This piece of code kind of defies the logic behind the way an "if" control structure works. But I have seen the same thing in many pieces of code so for some reason it must be right. Yet my logic tells me otherwise.
Of course the condition of "!isset($_SERVER['PHP_AUTH_USER'])) checks to see if this variable is set on the server. Let's say that it is not set. So the server sends a request to the client requiring HTTP Authentication "header('WWW-Authenticate: Basic realm="My Realm"');" and let's say that I provide one that is correct. After this, somehow the "if" control structure skips the " header('HTTP/1.0 401 Unauthorized');" and the echo statement and the rest of the control structure. Why is this?
