HTTP Authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
irishmike2004
Forum Contributor
Posts: 119
Joined: Mon Nov 15, 2004 3:54 pm
Location: Lawrence, Kansas

HTTP Authentication

Post by irishmike2004 »

Greetings:

I am new to PHP programming and running PHP 5.0.2 on a mac ontop of apache 1.3 and been trying to implement the standard HTTP authentication code to use in a member only section in a very simple configuration, in other words the complete authentication will happen on the PHP page.

I have seen much code, but it doesn't seem to work in FireFox 1.0 which is my browser of choice. The target audience for the site is mac users and wanted to see if I could get some help fixing this or a better method for work around. The code I had available was:

Code: Select all

<?php
if ((!isset($PHP_AUTH_USER)) || 
    (!isset($PHP_AUTH_PW)) || 
    ($PHP_AUTH_USER != "guest") || 
    ($PHP_AUTH_PW != "guest"))
&#123;
    header('WWW-Authenticate: Basic realm="Private Area"');
    header("HTTP/1.1 401 Unauthorized");
    print "This page requires authorisation.";
    exit();
&#125;
else
&#123;
    print "You're through to the secret page, was the effort worth it?";
&#125; 
?>
This page if you enter guest just re-spawns the login box... ideally we would make the page with a form and the authentication would happen from our form. Any Help is REALLY appreciated.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] instead of $PHP_AUTH_USER and $PHP_AUTH_PW respectively. Additional information: http://www.php.net/manual/en/security.globals.php
irishmike2004
Forum Contributor
Posts: 119
Joined: Mon Nov 15, 2004 3:54 pm
Location: Lawrence, Kansas

Post by irishmike2004 »

Thanks, same result with those variables... read the page no help. Still where I was though.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

irishmike2004 wrote:Thanks, same result with those variables... read the page no help. Still where I was though.
use this code:

Code: Select all

header('WWW-Authenticate: Basic realm="Private Area"');
    header("HTTP/1.1 401 Unauthorized");
    print "This page requires authorisation.";
    echo '<pre>';
    var_dump($_SERVER);
    echo '</pre>';
and when it asks for password second time press 'Cancel' and copy what it yields. Post the output here and then we'll be able to help you, perhaps.
irishmike2004
Forum Contributor
Posts: 119
Joined: Mon Nov 15, 2004 3:54 pm
Location: Lawrence, Kansas

Server Dump per Request

Post by irishmike2004 »

Here is the output requested:

Code: Select all

This page requires authorization.

array(31) &#123;
  &#1111;"DOCUMENT_ROOT"]=>
  string(28) "/Library/WebServer/Documents"
  &#1111;"HTTP_ACCEPT"]=>
  string(99) "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
  &#1111;"HTTP_ACCEPT_CHARSET"]=>
  string(30) "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
  &#1111;"HTTP_ACCEPT_ENCODING"]=>
  string(12) "gzip,deflate"
  &#1111;"HTTP_ACCEPT_LANGUAGE"]=>
  string(14) "en-us,en;q=0.5"
  &#1111;"HTTP_CONNECTION"]=>
  string(10) "keep-alive"
  &#1111;"HTTP_HOST"]=>
  string(9) "127.0.0.1"
  &#1111;"HTTP_KEEP_ALIVE"]=>
  string(3) "300"
  &#1111;"HTTP_USER_AGENT"]=>
  string(87) "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"
  &#1111;"PATH"]=>
  string(71) "/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices"
  &#1111;"REMOTE_ADDR"]=>
  string(9) "127.0.0.1"
  &#1111;"REMOTE_PORT"]=>
  string(5) "59256"
  &#1111;"SCRIPT_FILENAME"]=>
  string(35) "/Users/jmikeneedham/Sites/login.php"
  &#1111;"SCRIPT_URI"]=>
  string(61) "http://j-mike-needhams-computer.local/~jmikeneedham/login.php"
  &#1111;"SCRIPT_URL"]=>
  string(24) "/~jmikeneedham/login.php"
  &#1111;"SERVER_ADDR"]=>
  string(9) "127.0.0.1"
  &#1111;"SERVER_ADMIN"]=>
  string(18) "&#1111;no address given]"
  &#1111;"SERVER_NAME"]=>
  string(30) "j-mike-needhams-computer.local"
  &#1111;"SERVER_PORT"]=>
  string(2) "80"
  &#1111;"SERVER_SIGNATURE"]=>
  string(82) "
Apache/1.3.29 Server at j-mike-needhams-computer.local Port 80

"
  &#1111;"SERVER_SOFTWARE"]=>
  string(32) "Apache/1.3.29 (Darwin) PHP/5.0.2"
  &#1111;"GATEWAY_INTERFACE"]=>
  string(7) "CGI/1.1"
  &#1111;"SERVER_PROTOCOL"]=>
  string(8) "HTTP/1.1"
  &#1111;"REQUEST_METHOD"]=>
  string(3) "GET"
  &#1111;"QUERY_STRING"]=>
  string(0) ""
  &#1111;"REQUEST_URI"]=>
  string(24) "/~jmikeneedham/login.php"
  &#1111;"SCRIPT_NAME"]=>
  string(24) "/~jmikeneedham/login.php"
  &#1111;"PATH_TRANSLATED"]=>
  string(35) "/Users/jmikeneedham/Sites/login.php"
  &#1111;"PHP_SELF"]=>
  string(24) "/~jmikeneedham/login.php"
  &#1111;"PHP_AUTH_USER"]=>
  string(5) "guest"
  &#1111;"PHP_AUTH_PW"]=>
  string(5) "guest"
&#125;
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Code: Select all

<?php
if ((!isset($_SERVER['PHP_AUTH_USER'])) ||
    (!isset($_SERVER['PHP_AUTH_PW'])) ||
    ($_SERVER['PHP_AUTH_USER'] != "guest") ||
    ($_SERVER['PHP_AUTH_PW'] != "guest"))
{
    header('WWW-Authenticate: Basic realm="Private Area"');
    header("HTTP/1.1 401 Unauthorized");
    print "This page requires authorisation.";
    exit();
}
else
{
    print "You're through to the secret page, was the effort worth it?";
}
?>
should work.
irishmike2004
Forum Contributor
Posts: 119
Joined: Mon Nov 15, 2004 3:54 pm
Location: Lawrence, Kansas

Post by irishmike2004 »

It worked... Thanks for the help :-)
Post Reply