I'm using the normal (I think it is the standard) PHP NTLM code:

    $headers = apache_request_headers();
    if (!isset($headers['Authorization'])) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: NTLM');
        exit;
    }
    $auth = $headers['Authorization'];
    if (substr($auth,0,5) == 'NTLM ') {
        ....
    }

I notice that if the user has logged in to his Windows domain, my script will be invoked 3 times (NTLM credential detected). But if NTLM fails, the browser will show a login form.
Now I don't want this login form. I need to detect whether the NTLM credential failed; instead of showing the login form, I want to redirect to another page (e.g. a "Sorry, you are not a domain user" page).
If I change my code to this, even a user with a valid NTLM credential will be redirected:

    $headers = apache_request_headers();
    if (!isset($headers['Authorization'])) {
        redirect to other page
    }
    $auth = $headers['Authorization'];
    if (substr($auth,0,5) == 'NTLM ') {
        ....
    }
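
The three invocations described in the question match the three requests of the NTLM-over-HTTP handshake, and the first of them never carries an Authorization header. The added example below (not code from the original post; `ntlm_stage()` is a hypothetical helper name and the sample headers are constructed) tells the stages apart by the message type encoded in the header:

```php
<?php
// Added example: classify one request of the NTLM handshake by its Authorization header.
// ntlm_stage() is a hypothetical helper, not part of PHP or of the poster's script.

function ntlm_stage(?string $authorization): string
{
    if ($authorization === null || $authorization === '') {
        return 'no-header';              // request 1: browser has not been challenged yet
    }
    if (strncmp($authorization, 'NTLM ', 5) !== 0) {
        return 'other-scheme';           // e.g. Basic or Negotiate
    }
    // Strict decoding rejects characters outside the base64 alphabet.
    $msg = base64_decode(substr($authorization, 5), true);
    // An NTLM message starts with "NTLMSSP\0" followed by a 32-bit little-endian type.
    if ($msg === false || strlen($msg) < 12 || substr($msg, 0, 8) !== "NTLMSSP\0") {
        return 'malformed';
    }
    $type = unpack('V', substr($msg, 8, 4))[1];
    switch ($type) {
        case 1:  return 'negotiate';     // request 2: Type 1, answered with a Type 2 challenge
        case 3:  return 'authenticate';  // request 3: Type 3, carries the response to validate
        default: return 'malformed';     // Type 2 only travels from server to client
    }
}

// Constructed sample headers (signature and type field only, zero padded; not real captures).
$samples = [
    'first request'  => null,
    'second request' => 'NTLM ' . base64_encode("NTLMSSP\0" . pack('V', 1) . str_repeat("\0", 4)),
    'third request'  => 'NTLM ' . base64_encode("NTLMSSP\0" . pack('V', 3) . str_repeat("\0", 4)),
    'garbage'        => 'NTLM not-base64!!',
];

foreach ($samples as $label => $header) {
    printf("%-15s => %s\n", $label, ntlm_stage($header));
}
```

A missing header is the normal first request of every handshake, which is why branching on it alone treats domain users and everyone else the same.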