Page 1 of 1

WWW-Authenticate problem

Posted: Mon Jun 13, 2005 1:18 pm
by davej
Hi all
I am migrating a site from a windows box to a linux. Everything seems to be working except the admin login which use the header function with WWW-Authenticate. When you go the log in page the pop up window comes up but it seems that it does not pass the user and password variables back to the page

Code: Select all

if (!isset($PHP_AUTH_USER)) {
                header('WWW-Authenticate: Basic realm="Admin Area"');
                header('HTTP/1.0 401 Unauthorized');
                echo 'Authorization Required.';
                exit;
}
I have safe mose turned off I am not sure why it is only partialy working.

thanx
dave

Posted: Mon Jun 13, 2005 1:18 pm
by nigma
Belongs in PHP - Code.

Posted: Mon Jun 13, 2005 1:24 pm
by R0d Longfella
Make sure that you're running php as a apache module. (I presume you're using apache) And that WWW-Authentication is enabled.

yes

Posted: Mon Jun 13, 2005 1:47 pm
by davej
I am running apache. As far as I know it is on. The pop up window to login pops up. I looked through the httpd.conf file for WWW-Authentication put could not find it. I also looked through the php.ini.

Posted: Mon Jun 13, 2005 3:46 pm
by timvw
You might want to check register_globals configuration...

there on

Posted: Mon Jun 13, 2005 4:01 pm
by davej
I have register_globals set to on so that should be ok

dave

Posted: Tue Jun 14, 2005 6:03 am
by R0d Longfella
I'm using the following function in one project. Please try if it works. If it doesn't could you output $_SERVER, that should contain 'PHP_AUTH_USER'. ( ie. print_r ($_SERVER); Make sure you remove all vital passwords for your server, if there are any )

Code: Select all

function doAdminLogin() {
    global $bLoggedIn;
    if (!isset($_SERVER['PHP_AUTH_USER']) ||
        ($_SERVER['PHP_AUTH_USER'] != 'root') ||
        ($_SERVER['PHP_AUTH_PW'] != 'password')
       ) {
      header('WWW-Authenticate: Basic realm="Private"');
      header('HTTP/1.0 401 Unauthorized');
      echo 'Sorry, no entrance.';
      exit;
    } else {
      $_SESSION['bLoggedIn'] = true;
      $bLoggedIn = true;
    }
  }