HTTP Authentication and PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
matthiasone
Forum Contributor
Posts: 117
Joined: Mon Jul 22, 2002 12:14 pm
Location: Texas, USA
Contact:

HTTP Authentication and PHP

Post by matthiasone »

I am trying to have the browser require authentication before loadiing a page.

here is the code that calls that authentication

Code: Select all

require_once("spall_fns.php");
  if (! isset($area))
    authorize();
This is the funtction that is called

Code: Select all

require_once("/usr/home/faog/functions/db_fns.php");
function authorize($_SERVER)
{
  if (!isset($_SERVERї'PHP_AUTH_USER'])) 
  {
    header("WWW-Authenticate: Basic realm='Lufkin.org'");
    header('HTTP/1.0 401 Unauthorized');
    echo 'You are not a register user.  If you need to be please contact the webmaster';
    exit;
  } 
  else 
  {
  	$query = "SELECT * FROM users WHERE username = '".$_SERVERї'PHP_AUTH_USER']."' AND password = PASSWORD('".$_SERVERї'PHP_AUTH_PW']."')";
	$result = query_db($query); 
	$numrow =  mysql_num_rows($result);
	echo $numrow."<BR>";
	if($numrow == 1)
	&#123; 
	  $user = mysql_fetch_array($result);
      load_mainpage($user&#1111;"uid"]);
	&#125;
	else
	  echo 'You cannot be logged due to incorrect username or password.  Please contact the webmaster with any questions';
  &#125;
&#125;
Can anyone help me?
fatalcure
Forum Contributor
Posts: 141
Joined: Thu Jul 04, 2002 12:57 pm
Contact:

Post by fatalcure »

i dont think using "function authorize($_SERVER)" makes $_SERVER avaliable for that function.

Use this inside the fucntion;

global $_SERVER;

I don't know if that will fix your problem, as I have not used authentication before.
matthiasone
Forum Contributor
Posts: 117
Joined: Mon Jul 22, 2002 12:14 pm
Location: Texas, USA
Contact:

Post by matthiasone »

fatalcure - the global thing didn't work
I guess I should explain a little more

when I run the code not as a function, but just at a script inside a page it works correctly.

When in the function, I get the 'You are not a register user. If you need to be please contact the webmaster' echo
fatalcure
Forum Contributor
Posts: 141
Joined: Thu Jul 04, 2002 12:57 pm
Contact:

Post by fatalcure »

why dont u try echoing $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] inside the function to see if they're available.
matthiasone
Forum Contributor
Posts: 117
Joined: Mon Jul 22, 2002 12:14 pm
Location: Texas, USA
Contact:

Post by matthiasone »

$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_USER'] appear to be null or empty when I echoed them.
fatalcure
Forum Contributor
Posts: 141
Joined: Thu Jul 04, 2002 12:57 pm
Contact:

Post by fatalcure »

so those server vars aren't available to the function, do this:

Code: Select all

function authorize() &#123;
     global $_SERVER&#1111;"PHP_AUTH_USER"], $_SERVER&#1111;"PHP_AUTH_PW"];
     //rest of function
&#125;
matthiasone
Forum Contributor
Posts: 117
Joined: Mon Jul 22, 2002 12:14 pm
Location: Texas, USA
Contact:

Post by matthiasone »

well actually I got it working

Thanks for your help
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You shouldn't have to global $_SERVER to have it accessible in a function, it's an autoglobal variable. What was your solution matthiasone?

Mac
matthiasone
Forum Contributor
Posts: 117
Joined: Mon Jul 22, 2002 12:14 pm
Location: Texas, USA
Contact:

Post by matthiasone »

well I took it out of the function and made it the stand-alone script and placed a header() to the next page if the user logged in right
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

you should have changed

Code: Select all

function authorize($_SERVER)
to

Code: Select all

function authorize()
because

a) $_SERVER is an autoglobal.
b) it SHOULD have spit out errors when you called it because it was missing an argument when called
Post Reply