WWW-Authenticate problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
davej
Forum Newbie
Posts: 4
Joined: Mon Jun 13, 2005 1:09 pm

WWW-Authenticate problem

Post by davej »

Hi all
I am migrating a site from a windows box to a linux. Everything seems to be working except the admin login which use the header function with WWW-Authenticate. When you go the log in page the pop up window comes up but it seems that it does not pass the user and password variables back to the page

Code: Select all

if (!isset($PHP_AUTH_USER)) {
                header('WWW-Authenticate: Basic realm="Admin Area"');
                header('HTTP/1.0 401 Unauthorized');
                echo 'Authorization Required.';
                exit;
}
I have safe mose turned off I am not sure why it is only partialy working.

thanx
dave
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

Belongs in PHP - Code.
R0d Longfella
Forum Newbie
Posts: 20
Joined: Fri Apr 08, 2005 7:17 am

Post by R0d Longfella »

Make sure that you're running php as a apache module. (I presume you're using apache) And that WWW-Authentication is enabled.
davej
Forum Newbie
Posts: 4
Joined: Mon Jun 13, 2005 1:09 pm

yes

Post by davej »

I am running apache. As far as I know it is on. The pop up window to login pops up. I looked through the httpd.conf file for WWW-Authentication put could not find it. I also looked through the php.ini.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

You might want to check register_globals configuration...
davej
Forum Newbie
Posts: 4
Joined: Mon Jun 13, 2005 1:09 pm

there on

Post by davej »

I have register_globals set to on so that should be ok

dave
R0d Longfella
Forum Newbie
Posts: 20
Joined: Fri Apr 08, 2005 7:17 am

Post by R0d Longfella »

I'm using the following function in one project. Please try if it works. If it doesn't could you output $_SERVER, that should contain 'PHP_AUTH_USER'. ( ie. print_r ($_SERVER); Make sure you remove all vital passwords for your server, if there are any )

Code: Select all

function doAdminLogin() {
    global $bLoggedIn;
    if (!isset($_SERVER['PHP_AUTH_USER']) ||
        ($_SERVER['PHP_AUTH_USER'] != 'root') ||
        ($_SERVER['PHP_AUTH_PW'] != 'password')
       ) {
      header('WWW-Authenticate: Basic realm="Private"');
      header('HTTP/1.0 401 Unauthorized');
      echo 'Sorry, no entrance.';
      exit;
    } else {
      $_SESSION['bLoggedIn'] = true;
      $bLoggedIn = true;
    }
  }
Post Reply