auth_user

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

auth_user

Post by ol4pr0 »

This code keeps asking me for the user and password. test, test cant be that hard to get wrong.

Code: Select all

$crsalt = "aB"; 
$usertable = "users"; 

function check_auth() { 
    global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users; 
    global $PHP_AUTH_USER, $PHP_AUTH_PW; 
    if (!isset($PHP_AUTH_USER)) { 
        header('WWW-Authenticate: Basic realm="Admin Area"'); 
        header("HTTP/1.0 401 Unauthorized"); 
        print "<b>Wrong password or you don't have access.</b>"; 
        exit; 
    } else if (isset($PHP_AUTH_USER)) { 
        mysql_connect($sqlhost, $sqllogin, $sqlpass); 
        mysql_select_db($dbname); 

        $pass = crypt($PHP_AUTH_PW,$crsalt); 

        $res = mysql_query("SELECT * FROM users WHERE username='$PHP_AUTH_USER' AND encrpass='$pass'"); 
        $pres = mysql_query("SELECT * FROM users WHERE username='$PHP_AUTH_USER'"); 
        $row = mysql_fetch_array($pres); 
        $tmppass = $row["tmppass"]; 
        if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='$PHP_AUTH_USER'");} 
        $num = mysql_numrows($res); 
        if ($num != "0") { 
            return 1; 
        } else { 
            header('WWW-Authenticate: Basic realm="Admin Area"'); 
            header("HTTP/1.0 401 Unauthorized"); 
            print "<b>Wrong password or you don't have access.</b>"; 
        exit();
		} 
    } 
} 
?>
On other page

Code: Select all

<?php 
require "foo.php"; 
check_auth(); 
?>
Logged in: <?php echo $PHP_AUTH_USER; ?><br><br>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

have you tried it with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] ?
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

I did that gives me an error in global $_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']

unexpected [
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

hmm.. thought i would need that
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Still doesnt work tho.

Code: Select all

function check_auth() { 
    global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users; 
    //global $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']; 
    if (!isset($_SERVER['PHP_AUTH_USER'])) { 
        header('WWW-Authenticate: Basic realm="Admin Area"'); 
        header("HTTP/1.0 401 Unauthorized"); 
        print "<b>Wrong password or you don't have access.</b>"; 
        exit; 
    } else if (isset($_SERVER['PHP_AUTH_USER'])) { 
        mysql_connect($sqlhost, $sqllogin, $sqlpass); 
        mysql_select_db($dbname); 

        $pass = crypt($_SERVER['PHP_AUTH_PW'],$crsalt); 

        $res = mysql_query("SELECT * FROM users WHERE username='".$_SERVER['PHP_AUTH_USER']."' AND encrpass='$pass'"); 
        $pres = mysql_query("SELECT * FROM users WHERE username='".$_SERVER['PHP_AUTH_USER']."'"); 
        $row = mysql_fetch_array($pres); 
        $tmppass = $row["tmppass"]; 
        if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='".$_SERVER['PHP_AUTH_USER']."'");} 
        $num = mysql_numrows($res); 
        if ($num != "0") { 
            return 1; 
        } else { 
            header('WWW-Authenticate: Basic realm="Admin Area"'); 
            header("HTTP/1.0 401 Unauthorized"); 
            print "<b>Wrong password or you don't have access.</b>"; 
        exit();
		} 
    } 
} 
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I meant more like

Code: Select all

<?php


$crsalt = "aB"; 
$usertable = "users"; 

function check_auth() { 
    global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users; 
    $user = (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '');
    $pwd = (isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '');
    if (empty($user) || empty($pwd)) { 
        header('WWW-Authenticate: Basic realm="Admin Area"'); 
        header("HTTP/1.0 401 Unauthorized"); 
        print "<b>Wrong password or you don't have access.</b>"; 
        exit; 
    } else { 
        mysql_connect($sqlhost, $sqllogin, $sqlpass); 
        mysql_select_db($dbname); 

        $pass = crypt($pwd,$crsalt); 

        $res = mysql_query("SELECT * FROM users WHERE username='$user' AND encrpass='$pass'"); 
        $pres = mysql_query("SELECT * FROM users WHERE username='$user'"); 
        $row = mysql_fetch_array($pres); 
        $tmppass = $row["tmppass"]; 
        if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='$user'");} 
        $num = mysql_numrows($res); 
        if ($num != "0") { 
            return 1; 
        } else { 
            header('WWW-Authenticate: Basic realm="Admin Area"'); 
            header("HTTP/1.0 401 Unauthorized"); 
            print "<b>Wrong password or you don't have access.</b>"; 
        exit(); 
      } 
    } 
} 

?>

[edit: hmm.. not too sure then..]
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Sorry man, this is making me kinda.. lol..

However as you can guess it didnt work. What is going wrong ?

Got php5 now installed ? should that have anything to do withit >?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you sure mysql is plugged in and working in php?
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Yep absolutely..
all is fully working as it should.

have some pages in other dir.. and they connect just fine

And to be sure i didnt mistype anything i used

login = t
pass = t (aBSfnUTuie/g2 in database)

and added

Code: Select all

or die(mysql_error());
mysql from phpinfo
mysql

MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 3.23.57

Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

have you tried adding some unique echos to see if the 401 is coming from the first or second?
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Yea i did however i am not gettning back any echo.s
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

then you may have a parse error or something, is error_reporting set to E_ALL, and display_errors to 1/true?
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

They are set.

error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
display_errors = On
Post Reply