HTTP Authenticatio Woes

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

HTTP Authenticatio Woes

Post by jolinar »

Weirdan | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


As part of a webdevelopment project I'm doing for a friend (adding php and database functionality to a static website) I need to set up authentication (He uses the site to list essays and other works he's produced, I want to make sure that only he can add/remove work)
using HTTP authentication.

Then the problems started.  The main source I'm working off is the authentication tutorial on webmonkey.com - http://www.webmonkey.com/webmonkey/00/0 ... rogramming

I've copied and pasted the code and am running in to some problems.  On the second example (where the password is listed explicitely in the code as admin abc123) the password isn't accepted.

Code: Select all

if (!isset($PHP_AUTH_USER)) {

		// If empty, send header causing dialog box to appear

		header('WWW-Authenticate: Basic realm="My Private Stuff"');
		header('HTTP/1.0 401 Unauthorized');
		echo 'Authorization Required.';
		exit;

	} else if (isset($PHP_AUTH_USER)) {

		if (($PHP_AUTH_USER != "admin") || ($PHP_AUTH_PW != "abc123")) {

			header('WWW-Authenticate: Basic realm="My Private Stuff"');
			header('HTTP/1.0 401 Unauthorized');
			echo 'Authorization Required.';
			exit;

		} else {
			echo "
			<P>You're authorized!</p>
			";
		}
Is this a problem with their code or is it moire likely to be a problem with the say I have my test server set up?


Weirdan | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Your outer if clause is superfluous. Stick with this:

Code: Select all

if (($PHP_AUTH_USER != "admin") || ($PHP_AUTH_PW != "abc123")) 
{
  header('WWW-Authenticate: Basic realm="My Private Stuff"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Authorization Required.';
  exit;
} 
else {
  echo "<br />You're authorized!";
}
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

Post by jolinar »

Thanks, that's tidied up the code quite nicely :D

Unfortunately I still don't know why it isn't working :(
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

What happens when you change the condition to only check if $PHP_AUTH_USER is set - what if you don't care what username is entered?

Maybe try outputing the username & password entered - see if it matches up with what you'd expect.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

Post by jolinar »

Using:

Code: Select all

if(!$PHP_AUTH_USER)
It still continues to demand authentication.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Is your PHP installed as an Apache module? If not, this won't work.

Other than that, I'm not too sure.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

for php-cgi there's workaround using mod_rewrite
Post Reply