HTTP Authentication
Posted: Thu Nov 18, 2004 7:32 pm
by irishmike2004
Greetings:
I am new to PHP programming, running PHP 5.0.2 on a Mac on top of Apache 1.3, and have been trying to implement the standard HTTP authentication code for use in a members-only section in a very simple configuration; in other words, the complete authentication will happen on the PHP page.
I have seen much code, but it doesn't seem to work in Firefox 1.0, which is my browser of choice. The target audience for the site is Mac users, and I wanted to see if I could get some help fixing this or a better method as a workaround. The code I had available was:
Code:
<?php
if ((!isset($PHP_AUTH_USER)) ||
(!isset($PHP_AUTH_PW)) ||
($PHP_AUTH_USER != "guest") ||
($PHP_AUTH_PW != "guest"))
{
header('WWW-Authenticate: Basic realm="Private Area"');
header("HTTP/1.1 401 Unauthorized");
print "This page requires authorisation.";
exit();
}
else
{
print "You're through to the secret page, was the effort worth it?";
}
?>
This page, if you enter guest, just re-spawns the login box... Ideally we would make the page with a form and the authentication would happen from our form. Any help is REALLY appreciated.
Posted: Thu Nov 18, 2004 10:34 pm
by Weirdan
Use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] instead of $PHP_AUTH_USER and $PHP_AUTH_PW respectively. Additional information:
http://www.php.net/manual/en/security.globals.php
Posted: Thu Nov 18, 2004 10:53 pm
by irishmike2004
Thanks, same result with those variables... read the page, no help. Still where I was, though.
Posted: Thu Nov 18, 2004 11:04 pm
by Weirdan
irishmike2004 wrote: Thanks, same result with those variables... read the page, no help. Still where I was, though.
Use this code:
Code:
header('WWW-Authenticate: Basic realm="Private Area"');
header("HTTP/1.1 401 Unauthorized");
print "This page requires authorisation.";
echo '<pre>';
var_dump($_SERVER);
echo '</pre>';
and when it asks for the password a second time, press 'Cancel' and copy what it yields. Post the output here and then we'll be able to help you, perhaps.
Server Dump per Request
Posted: Thu Nov 18, 2004 11:26 pm
by irishmike2004
Here is the output requested:
Code:
This page requires authorization.
array(31) {
["DOCUMENT_ROOT"]=>
string(28) "/Library/WebServer/Documents"
["HTTP_ACCEPT"]=>
string(99) "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
["HTTP_ACCEPT_CHARSET"]=>
string(30) "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
["HTTP_ACCEPT_ENCODING"]=>
string(12) "gzip,deflate"
["HTTP_ACCEPT_LANGUAGE"]=>
string(14) "en-us,en;q=0.5"
["HTTP_CONNECTION"]=>
string(10) "keep-alive"
["HTTP_HOST"]=>
string(9) "127.0.0.1"
["HTTP_KEEP_ALIVE"]=>
string(3) "300"
["HTTP_USER_AGENT"]=>
string(87) "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"
["PATH"]=>
string(71) "/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices"
["REMOTE_ADDR"]=>
string(9) "127.0.0.1"
["REMOTE_PORT"]=>
string(5) "59256"
["SCRIPT_FILENAME"]=>
string(35) "/Users/jmikeneedham/Sites/login.php"
["SCRIPT_URI"]=>
string(61) "http://j-mike-needhams-computer.local/~jmikeneedham/login.php"
["SCRIPT_URL"]=>
string(24) "/~jmikeneedham/login.php"
["SERVER_ADDR"]=>
string(9) "127.0.0.1"
["SERVER_ADMIN"]=>
string(18) "[no address given]"
["SERVER_NAME"]=>
string(30) "j-mike-needhams-computer.local"
["SERVER_PORT"]=>
string(2) "80"
["SERVER_SIGNATURE"]=>
string(82) "
Apache/1.3.29 Server at j-mike-needhams-computer.local Port 80
"
["SERVER_SOFTWARE"]=>
string(32) "Apache/1.3.29 (Darwin) PHP/5.0.2"
["GATEWAY_INTERFACE"]=>
string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(24) "/~jmikeneedham/login.php"
["SCRIPT_NAME"]=>
string(24) "/~jmikeneedham/login.php"
["PATH_TRANSLATED"]=>
string(35) "/Users/jmikeneedham/Sites/login.php"
["PHP_SELF"]=>
string(24) "/~jmikeneedham/login.php"
["PHP_AUTH_USER"]=>
string(5) "guest"
["PHP_AUTH_PW"]=>
string(5) "guest"
}
Posted: Thu Nov 18, 2004 11:38 pm
by Weirdan
Code:
<?php
if ((!isset($_SERVER['PHP_AUTH_USER'])) ||
(!isset($_SERVER['PHP_AUTH_PW'])) ||
($_SERVER['PHP_AUTH_USER'] != "guest") ||
($_SERVER['PHP_AUTH_PW'] != "guest"))
{
header('WWW-Authenticate: Basic realm="Private Area"');
header("HTTP/1.1 401 Unauthorized");
print "This page requires authorisation.";
exit();
}
else
{
print "You're through to the secret page, was the effort worth it?";
}
?>
Should work.
Posted: Fri Nov 19, 2004 6:10 am
by irishmike2004
It worked... Thanks for the help
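A hardened variant of the working `$_SERVER`-based check from this thread, added here as an example and not posted by anyone in the thread: it verifies the password against a stored hash instead of comparing plaintext with `!=`, and still reads credentials only from `$_SERVER`. Assumptions: PHP 7.1 or later, the page is served over HTTPS, and the `$users` table, the function names and the `HTTP_AUTHORIZATION` fallback are hypothetical choices for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ and HTTPS.
// Hypothetical user table: username => password_hash() output. Built at
// runtime here so the example is self-contained; store real hashes instead.
$users = ['guest' => password_hash('guest', PASSWORD_DEFAULT)];

/**
 * Return [user, password] from the request, or null if none was sent.
 * Reads $_SERVER only, never register_globals-style variables.
 */
function basic_credentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    // Assumed fallback: setups that expose only the raw Authorization header.
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($header, 'Basic ') === 0) {
        $decoded = base64_decode(substr($header, 6), true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            return explode(':', $decoded, 2);
        }
    }
    return null;
}

function is_authorised(?array $creds, array $users): bool
{
    if ($creds === null) {
        return false;
    }
    [$user, $pass] = $creds;
    // Unknown users are checked against a dummy bcrypt hash so the response
    // time does not reveal which usernames exist.
    $hash = $users[$user] ?? '$2y$10$' . str_repeat('.', 53);
    return password_verify($pass, $hash) && isset($users[$user]);
}

if (!is_authorised(basic_credentials($_SERVER), $users)) {
    header('WWW-Authenticate: Basic realm="Private Area"');
    http_response_code(401);
    print "This page requires authorisation.";
    exit();
}
print "You're through to the secret page.";
```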
