Hi
I am reading a PHP book, and I reached to Security section of it. I understood that there is a server based security named BASIC AUTHENTICATION, and I can use it via PHP, Apache, and IIS.
I want to use it on my web server over the internet, but webmasters usually don't privilege access to the server. I am using a Windows 2000 web server, and I can't access to IIS configuration. The only way to use BASIC AUTHENTICATION is using PHP. In this book the author wrote a program, that can use BASIC AUTHENTICATION. Here is the code:
<?
if (substr($SERVER_SOFTWARE, 0, 9) == "Microsoft" &&
!isset($PHP_AUTH_USER) &&
!isset($PHP_AUTH_PW) &&
substr($HTTP_AUTHORIZATION, 0, 6) =="Basic "
)
{
list($PHP_AUTH_USER, $PHP_AUTH_PW) =
explode(":", base64_decode(substr($HTTP_AUTHORIZATION, 6)));
}
if ($PHP_AUTH_USER != "user" || $PHP_AUTH_PW != "pass")
{
header('WWW-Authenticate: Basic realm="Realm-Name"');
if (substr($SERVER_SOFTWARE, 0, 9) == "Microsoft")
header("Status: 401 Unauthorized");
else
header("HTTP/1.0 401 Unauthorized");
echo "<h1>Go Away!</h1>";
echo "You are not authorized to view this resource.";
}
else
{
echo "<h1>Here it is!</h1>";
}
?>
But when I try to run it on my machine (not on the server) it said me there is a "500 Internal server Error". When I check the error log file (I use an Apache web server on my own PC), it said me:
[Wed Jul 03 10:53:50 2002] [error] [client 127.0.0.1] malformed header from script. Bad header=HTTP/1.0 401 Unauthorized: /apache/php/php.exe
[Wed Jul 03 10:53:50 2002] [error] [client 127.0.0.1] PHP: Error parsing ./browscap/browscap.ini on line 8206
What is wrong? And how can I fix it? If I run this program on my internet web server, does this problem occure again? (my web server over the internet doesn't available for one month, so I can't check it).
BASIC AUTHENTICATION
Moderator: General Moderators