Page 1 of 1

auth_user

Posted: Sun Jul 18, 2004 1:19 am
by ol4pr0
This code keeps asking me for the user and password. test, test cant be that hard to get wrong.

Code: Select all

$crsalt = "aB"; 
$usertable = "users"; 

function check_auth() { 
    global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users; 
    global $PHP_AUTH_USER, $PHP_AUTH_PW; 
    if (!isset($PHP_AUTH_USER)) { 
        header('WWW-Authenticate: Basic realm="Admin Area"'); 
        header("HTTP/1.0 401 Unauthorized"); 
        print "<b>Wrong password or you don't have access.</b>"; 
        exit; 
    } else if (isset($PHP_AUTH_USER)) { 
        mysql_connect($sqlhost, $sqllogin, $sqlpass); 
        mysql_select_db($dbname); 

        $pass = crypt($PHP_AUTH_PW,$crsalt); 

        $res = mysql_query("SELECT * FROM users WHERE username='$PHP_AUTH_USER' AND encrpass='$pass'"); 
        $pres = mysql_query("SELECT * FROM users WHERE username='$PHP_AUTH_USER'"); 
        $row = mysql_fetch_array($pres); 
        $tmppass = $row["tmppass"]; 
        if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='$PHP_AUTH_USER'");} 
        $num = mysql_numrows($res); 
        if ($num != "0") { 
            return 1; 
        } else { 
            header('WWW-Authenticate: Basic realm="Admin Area"'); 
            header("HTTP/1.0 401 Unauthorized"); 
            print "<b>Wrong password or you don't have access.</b>"; 
        exit();
		} 
    } 
} 
?>
On other page

Code: Select all

<?php 
require "foo.php"; 
check_auth(); 
?>
Logged in: <?php echo $PHP_AUTH_USER; ?><br><br>

Posted: Sun Jul 18, 2004 1:56 am
by feyd
have you tried it with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] ?

Posted: Sun Jul 18, 2004 2:17 am
by ol4pr0
I did that gives me an error in global $_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']

unexpected [

Posted: Sun Jul 18, 2004 2:21 am
by ol4pr0
hmm.. thought i would need that

Posted: Sun Jul 18, 2004 2:22 am
by ol4pr0
Still doesnt work tho.

Code: Select all

function check_auth() { 
    global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users; 
    //global $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']; 
    if (!isset($_SERVER['PHP_AUTH_USER'])) { 
        header('WWW-Authenticate: Basic realm="Admin Area"'); 
        header("HTTP/1.0 401 Unauthorized"); 
        print "<b>Wrong password or you don't have access.</b>"; 
        exit; 
    } else if (isset($_SERVER['PHP_AUTH_USER'])) { 
        mysql_connect($sqlhost, $sqllogin, $sqlpass); 
        mysql_select_db($dbname); 

        $pass = crypt($_SERVER['PHP_AUTH_PW'],$crsalt); 

        $res = mysql_query("SELECT * FROM users WHERE username='".$_SERVER['PHP_AUTH_USER']."' AND encrpass='$pass'"); 
        $pres = mysql_query("SELECT * FROM users WHERE username='".$_SERVER['PHP_AUTH_USER']."'"); 
        $row = mysql_fetch_array($pres); 
        $tmppass = $row["tmppass"]; 
        if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='".$_SERVER['PHP_AUTH_USER']."'");} 
        $num = mysql_numrows($res); 
        if ($num != "0") { 
            return 1; 
        } else { 
            header('WWW-Authenticate: Basic realm="Admin Area"'); 
            header("HTTP/1.0 401 Unauthorized"); 
            print "<b>Wrong password or you don't have access.</b>"; 
        exit();
		} 
    } 
} 
?>

Posted: Sun Jul 18, 2004 2:26 am
by feyd
I meant more like

Code: Select all

<?php


$crsalt = "aB"; 
$usertable = "users"; 

function check_auth() { 
    global $sqlhost, $sqllogin, $sqlpass, $dbname, $crsalt, $users; 
    $user = (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '');
    $pwd = (isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '');
    if (empty($user) || empty($pwd)) { 
        header('WWW-Authenticate: Basic realm="Admin Area"'); 
        header("HTTP/1.0 401 Unauthorized"); 
        print "<b>Wrong password or you don't have access.</b>"; 
        exit; 
    } else { 
        mysql_connect($sqlhost, $sqllogin, $sqlpass); 
        mysql_select_db($dbname); 

        $pass = crypt($pwd,$crsalt); 

        $res = mysql_query("SELECT * FROM users WHERE username='$user' AND encrpass='$pass'"); 
        $pres = mysql_query("SELECT * FROM users WHERE username='$user'"); 
        $row = mysql_fetch_array($pres); 
        $tmppass = $row["tmppass"]; 
        if ($tmppass) {mysql_query("UPDATE users SET tmppass=encrpass, encrpass='$tmppass' WHERE username='$user'");} 
        $num = mysql_numrows($res); 
        if ($num != "0") { 
            return 1; 
        } else { 
            header('WWW-Authenticate: Basic realm="Admin Area"'); 
            header("HTTP/1.0 401 Unauthorized"); 
            print "<b>Wrong password or you don't have access.</b>"; 
        exit(); 
      } 
    } 
} 

?>

[edit: hmm.. not too sure then..]

Posted: Sun Jul 18, 2004 2:29 am
by ol4pr0
Sorry man, this is making me kinda.. lol..

However as you can guess it didnt work. What is going wrong ?

Got php5 now installed ? should that have anything to do withit >?

Posted: Sun Jul 18, 2004 2:32 am
by feyd
you sure mysql is plugged in and working in php?

Posted: Sun Jul 18, 2004 2:36 am
by ol4pr0
Yep absolutely..
all is fully working as it should.

have some pages in other dir.. and they connect just fine

And to be sure i didnt mistype anything i used

login = t
pass = t (aBSfnUTuie/g2 in database)

and added

Code: Select all

or die(mysql_error());
mysql from phpinfo
mysql

MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 3.23.57

Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off

Posted: Sun Jul 18, 2004 2:49 am
by feyd
have you tried adding some unique echos to see if the 401 is coming from the first or second?

Posted: Sun Jul 18, 2004 5:23 pm
by ol4pr0
Yea i did however i am not gettning back any echo.s

Posted: Sun Jul 18, 2004 5:28 pm
by feyd
then you may have a parse error or something, is error_reporting set to E_ALL, and display_errors to 1/true?

Posted: Sun Jul 18, 2004 6:06 pm
by ol4pr0
They are set.

error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
display_errors = On