dongmao3148 2018-12-05 08:59
浏览 66

PHP NTLM:凭证失败时阻止登录表单

I'm using the normal (I think is standard) PHP NTLM:

$headers = apache_request_headers();
if (!isset($headers['Authorization'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: NTLM');
    exit;
}

$auth = $headers['Authorization'];
if (substr($auth,0,5) == 'NTLM ') {
    ....
}

I notice that if the user had login into his windows domain, my script will be revoked 3 times (NTLM credential detected). But if NTLM failed, the browser will show login form.

Now I don't want this login form. I need to detect if NTLM credential failed, instead of showing login form, I want to redirect to other page (eg Page Sorry You Are Not Domain User).

If I change my code to this, even user with valid NTLM credential will be redirected:

$headers = apache_request_headers();
if (!isset($headers['Authorization'])) {
    redirect to other page
}

$auth = $headers['Authorization'];
if (substr($auth,0,5) == 'NTLM ') {
    ....
}
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥100 set_link_state
    • ¥15 虚幻5 UE美术毛发渲染
    • ¥15 CVRP 图论 物流运输优化
    • ¥15 Tableau online 嵌入ppt失败
    • ¥100 支付宝网页转账系统不识别账号
    • ¥15 基于单片机的靶位控制系统
    • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
    • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
    • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
    • ¥15 手机接入宽带网线,如何释放宽带全部速度