HTTP Authentication not working?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
vittelite
Forum Newbie
Posts: 12
Joined: Tue Mar 08, 2005 9:23 am

HTTP Authentication not working?

Post by vittelite »

Hi, I'm trying to set up HTTP authentication for some of my pages and I can't seem to get it to work. For example at the very top of a page that I would like to have HTTP authentication on I have the following script:

Code: Select all

if ((!isset($PHP_AUTH_USER)) || 
    (!isset($PHP_AUTH_PW)) || 
    ($PHP_AUTH_USER != "guest") || 
    ($PHP_AUTH_PW != "guest"))
{
    header('WWW-Authenticate: Basic realm="Private Area"');
    header("HTTP/1.1 401 Unauthorized");
    print "This page requires authorisation.";
    exit();
}
else
{
    print "You're through to the secret page, was the effort worth it?";
}
For some reason though when I try to enter guest as the username and password the authentication window just pops up again and I'm given 3 tries until the error message prints. Any ideas? Thanks.
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

register globals is probably turned off. Also check out the php man page on http auth:
http://www.php.net/manual/en/features.http-auth.php
bobsta63
Forum Commoner
Posts: 28
Joined: Thu Apr 21, 2005 7:03 pm
Location: Ipswich, UK

Post by bobsta63 »

To turn on register globals, Open the PHP.ini file on a windows based pc usally found in C:\WINDOWS\PHP.ini and scroll down and just set:

register_globals = Off

to... amazingly...

register_globals = On

See if that works mate :)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

bobsta63 wrote:To turn on register globals, Open the PHP.ini file on a windows based pc usally found in C:\WINDOWS\PHP.ini and scroll down and just set:

register_globals = Off

to... amazingly...

register_globals = On

See if that works mate :)
Highly recommended you leave register globals off. :|
bobsta63
Forum Commoner
Posts: 28
Joined: Thu Apr 21, 2005 7:03 pm
Location: Ipswich, UK

Post by bobsta63 »

Jcart wrote:
bobsta63 wrote:To turn on register globals, Open the PHP.ini file on a windows based pc usally found in C:\WINDOWS\PHP.ini and scroll down and just set:

register_globals = Off

to... amazingly...

register_globals = On

See if that works mate :)
Highly recommended you leave register globals off. :|
How come? What problems does it cause?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

http://php.net/regoster_globals wrote:Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP 4.2.0. Reliance on this directive was quite common and many people didn't even know it existed and assumed it's just how PHP works. This page will explain how one can write insecure code with this directive but keep in mind that the directive itself isn't insecure but rather it's the misuse of it.

When on, register_globals will inject (poison) your scripts will all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this. Let's demonstrate with an example misuse of register_globals:
bobsta63
Forum Commoner
Posts: 28
Joined: Thu Apr 21, 2005 7:03 pm
Location: Ipswich, UK

Post by bobsta63 »

O I C :)
Post Reply