Page 1 of 1

http authentication - not working?

Posted: Wed Apr 21, 2004 2:42 am
by mike08
Im tying to use the authentication code for the admin side to my site but i either im not writing the code correctly or i don't understand. probably both but wondered if you could help


The window with the authentication box comes up fine but i
basically don't know what username and password into the box. i thick its what is hardcoded in the code but it doesn't work - can you explain this to me am i doing something wrong. if i am how do i set the username and password so that it does work please. PHP:



PHP:
--------------------------------------------------------------------------------

Code: Select all

<?php # authentication.php 
//This page handles the authentication for the admin pages 

$authorized = FALSE; // Initialise a variable 

//Check for authentication submission. 
if ( ( isset($_SERVER['PHP_AUTH_USER']) AND isset($_SERVER['PHP_AUTH_PW'])) ) {  

if ( ($_SERVER['PHP_AUTH_USER'] == 'CC006200') AND ($_SERVER['PHP_AUTH_PW'] == 'arsenal') ) { // if the correct values were entered ... 
         $authorized = TRUE;  
   }  
}  

//If they haven't been authorised, create the pop-up window. 
if (!$authorized) {  
   header('WWW-Authenticate: Basic realm="Administration"');  
   header('HTTP/1.0 401 Unauthorized');  
   // For cancellations 
}  
?>
if this is not a good way for making an admin side to the site. Could someone explain to me how to make a good one, because all i have at the moment is access for normal users to register but would like some sort of admin side. - cheers

Posted: Wed Apr 21, 2004 4:51 pm
by ol4pr0

Code: Select all

function validate($user, $pass) {
 $users = array('me' => 'mepass',
                        'you'=> 'youpass');

if (isset($users[$user]) && ($users[$user] == $pass) {
 return true;
}
else
{
return false;
}
}

if (! validate($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])) {
   header('WWW-Authenticate: Basic realm="Administration"'); 
   header('HTTP/1.0 401 Unauthorized'); 
   ECHO "Enter valid u & p please";
 exit; 
}
Believe you could also use the apache.conf the set the u & p however not sure