php authentication display text wrong credentials

Question

I've written the following php code to perform basic authentication. I would like to know how I can display text when the user clicks the ok button, and has entered in either an incorrect username or password. I've commented the line that I thought would make it work, but didn't.

$user = array('Bob' => 'bob');
$pass = array('Bob' => 'pass');
$userSuccess = false;
$passSuccess = false;

if(!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['PHP_AUTH_PW']))
{
    header('http/1.1 401 Unauthorized');
    header('www-authenticate: basic');
    echo "<h2> HTTP Error 401: Unauthorized Access </h2>";
    exit;
}
else
{
    foreach($user as $value)
        if($_SERVER['PHP_AUTH_USER'] == $value)
            $userSuccess = true;
    foreach($pass as $value)
        if($_SERVER['PHP_AUTH_PW'] == $value)
            $passSuccess = true;

    if(!$userSuccess || !$passSuccess)
    {
        header('http/1.1 401 Unauthorized');
        header('www-authenticate: basic');
        echo "incorrect stuff";    // I don't get why this line doesn't make it work.
        exit;
    }
}

Thanks for you time.

Answer 1

You need to customize the 401 page. How you do this depends on your server.

For example, if using Apache, and assuming it's configured to allow it, you can make a .htaccess file with ErrorDocument 401 /errors/401.html.

Make /errors/401.html however you want, and that's what should be displayed when a 401 error is thrown.

If using nginx, see Nginx - Customizing 404 page, except you obviously want to customize 401 instead of 404.