I've been stuck on trying to get the HTTP authentication to work just right and have been on this for two days now. I've got the code up and running. It basically connects up to a MySQL database to authenticate the users. What is working is that when a user first hits the webpage, they get a login box. If they log in the first time successfully, they can access the page. However, if they don't log in correctly the first time, they are not given the option to retry. Refreshing the webpage does not let them log in again.
I was trying to code it so that they could have 3 tries before getting the "error: bad username and password combination" message. But right now they either enter in their UN & PWD on the first try correctly, or they have to close and re-open their browser.
Any help is appreciated!
Thanks,
Paul
Code:
<?php
/*
################
### Note
################
You must connect to the database before calling the authentication_test function!
Its member functions require being connected to the database to get and compare
username and passwords
*/
/*Kicks off the testing to make sure that only an authenticated user gets in. The
way this is currently set up the user gets 3 tries before they are forced to go
to the error page.*/
function authentication_test()
{
    $valid_user = false; //Always assume user is invalid
    $counter = 0;
    //Note: send_401_prompt() calls exit, so this loop body runs at most once per request
    while ( (! $valid_user) && ($counter <= 3) )
    {
        //Get user name and password if entered (null when the browser sent none)
        $user_name = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
        if ( (! isset($user_name)) || (! isset($password)) )//if either are blank
        {
            send_401_prompt(); //Send error to browser
        }
        else
        {
            if (is_valid($user_name, $password)) //Credentials checkout ok?
            {
                $valid_user = true;
            }
            else //Bad credentials, send error
            {
                send_401_prompt();
            }
        }
        $counter++;
    }
}
/*This sends the "Error 401 bad authentication" type error to the browser. The
browser is responsible for either giving the user another chance to enter in
a user_name & password or letting them hit cancel and stop trying. If they enter
in another username and password, then it will retry their credentials.*/
function send_401_prompt()
{ //Send challenge response -> Dialog box for user_name and password
    header("WWW-Authenticate: Basic realm=\"Review Submissions\"");
    header("HTTP/1.1 401 Unauthorized");
    //If the user hits the cancel button....
    //Set up the response displayed if user cancels the challenge
    echo "<h2>Access Denied!</h2>\n";
    echo "Bad user name and password combination.\n";
    exit; //Stop running code
}
/*This takes the user_name and password and looks for a match in the mySQL database.
If a match is found, true is returned, otherwise return false.*/
function is_valid($user_name, $password)
{
    //So grab timmy's password....
    //Escape the user name before it goes into the query (prevents SQL injection)
    $safe_user_name = mysql_real_escape_string($user_name);
    $result = mysql_query("SELECT Pwd FROM users WHERE Username = '$safe_user_name'");
    if (! $result) //Query failed, treat as invalid
        return false;
    $row = mysql_fetch_array($result, MYSQL_NUM); //Grab password out of result set
    if (! $row) //No such user
        return false;
    $password_md5 = md5(trim($password)); //Get rid of any whitespace and put password into md5 format
    //<debug>
    //echo "UN: $user_name<br />\n";
    //echo "PWD: $password_md5<br />\n";
    //</debug>
    if ($row[0] === $password_md5) //Do the passwords match?
        return true;
    else
        return false;
}
?>
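Added example, not part of the original post: every 401 ends the request and the browser's retry arrives as a new request that runs the script from the top, so the three-try limit has to be counted in storage that outlives a single request. The `handle_request` function, the `$attempts` store keyed by client address, the 403 lock-out response and the sample user are all assumptions made for this sketch.

```php
<?php
// Added example, not the poster's code. $attempts stands in for persistent
// storage (assumption: in production a DB table or cache keyed by client address).
const MAX_TRIES = 3;

function handle_request(array $server, array &$attempts, callable $is_valid): array
{
    $client = $server['REMOTE_ADDR'] ?? 'unknown';
    $tries  = $attempts[$client] ?? 0;

    if ($tries >= MAX_TRIES) {
        // Locked out: no WWW-Authenticate header, so the browser stops prompting.
        return [403, [], "Bad user name and password combination."];
    }
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        if ($is_valid($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
            unset($attempts[$client]);          // success resets the counter
            return [200, [], "Welcome"];
        }
        $attempts[$client] = ++$tries;          // count only real failures
        if ($tries >= MAX_TRIES) {
            return [403, [], "Bad user name and password combination."];
        }
    }
    // No credentials yet, or a failed try with tries left: challenge again.
    return [401, ['WWW-Authenticate: Basic realm="Review Submissions"'], "Access Denied!"];
}

// Constructed demo data: one user, password stored with password_hash().
$users = ['paul' => password_hash('s3cret', PASSWORD_DEFAULT)];
$check = function (string $u, string $p) use ($users): bool {
    return isset($users[$u]) && password_verify($p, $users[$u]);
};

$attempts = [];
$requests = [                                   // constructed request sequence
    ['REMOTE_ADDR' => '192.0.2.10'],
    ['REMOTE_ADDR' => '192.0.2.10', 'PHP_AUTH_USER' => 'paul', 'PHP_AUTH_PW' => 'wrong'],
    ['REMOTE_ADDR' => '192.0.2.10', 'PHP_AUTH_USER' => 'paul', 'PHP_AUTH_PW' => 's3cret'],
];
foreach ($requests as $r) {
    [$status, $headers, $body] = handle_request($r, $attempts, $check);
    echo $status, ' ', implode('; ', $headers), ' ', $body, PHP_EOL;
}
```

Keying the counter by client address also counts failures from other users behind the same address; counting per user name, or expiring the counter after a time window, are alternatives.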