Authentication - PHP_AUTH_USER / PW don't get set
Posted: Thu Aug 07, 2003 10:07 am
Hi,
I'm using the following code to try to get user authentication working. However, when I try to load the page, I just get the user name/password box popping up over and over again, regardless of the user name and password I've put in.
I've narrowed it down to the fact that $PHP_AUTH_USER and $PHP_AUTH_PW don't get set. "register_globals" is "On", according to my hosting company's website (I tried using $_SERVER['PHP_AUTH_USER'] etc. instead anyway, but it made no difference).
Can anyone help me out here?
Thanks,
M-A
I'm using the following code to try to get user authentication working. However, when I try to load the page, I just get the user name/password box popping up over and over again, regardless of the user name and password I've put in.
I've narrowed it down to the fact that $PHP_AUTH_USER and $PHP_AUTH_PW don't get set. "register_globals" is "On", according to my hosting company's website (I tried using $_SERVER['PHP_AUTH_USER'] etc. instead anyway, but it made no difference).
Can anyone help me out here?
Thanks,
M-A
Code: Select all
<?php
if ((!isset($PHP_AUTH_USER)) or (!isset($PHP_AUTH_PW)))
{
header("WWW-Authenticate: Basic realm="my realm"");
header("HTTP/1.0 401 Unauthorized");
echo "Please log in to access this area of the site.\n";
exit;
}
else
{
$query="SELECT STR_Pass FROM tbl_Authenticate WHERE STR_UID='".$PHP_AUTH_USER."'";
$result = mysql_query($query) or die("Query failed.");
$authenticated=0;
while ($row=mysql_fetch_array($result,MYSQL_ASSOC))
{
##loop through all possible users with that UID.
if (crypt($PHP_AUTH_PW ,$row["STR_Pass"]) == $row["STR_Pass"])
{
$authenticated=1;
}
}
if ($authenticated==0)
{
header("WWW-Authenticate: Basic realm="".$realm.""");
header("HTTP/1.0 401 Unauthorized");
echo "Wrong user / password\n";
exit;
}
}
?>