
HTTP Authentication Woes

Posted: Thu Aug 31, 2006 9:50 am
by jolinar

As part of a web development project I'm doing for a friend (adding PHP and database functionality to a static website) I need to set up authentication (he uses the site to list essays and other works he's produced, and I want to make sure that only he can add/remove work) using HTTP authentication.

Then the problems started.  The main source I'm working off is the authentication tutorial on webmonkey.com - http://www.webmonkey.com/webmonkey/00/0 ... rogramming

I've copied and pasted the code and am running into some problems.  On the second example (where the password is listed explicitly in the code as admin abc123) the password isn't accepted.

Code:

if (!isset($PHP_AUTH_USER)) {

	// If empty, send header causing dialog box to appear
	header('WWW-Authenticate: Basic realm="My Private Stuff"');
	header('HTTP/1.0 401 Unauthorized');
	echo 'Authorization Required.';
	exit;

} else if (isset($PHP_AUTH_USER)) {

	// Credentials were sent: compare them with the hard-coded pair
	if (($PHP_AUTH_USER != "admin") || ($PHP_AUTH_PW != "abc123")) {

		header('WWW-Authenticate: Basic realm="My Private Stuff"');
		header('HTTP/1.0 401 Unauthorized');
		echo 'Authorization Required.';
		exit;

	} else {
		echo "
		<P>You're authorized!</p>
		";
	}
}

Is this a problem with their code or is it more likely to be a problem with the way I have my test server set up?


Posted: Thu Aug 31, 2006 10:00 am
by pickle
Your outer if clause is superfluous. Stick with this:

Code:

if (($PHP_AUTH_USER != "admin") || ($PHP_AUTH_PW != "abc123")) 
{
  header('WWW-Authenticate: Basic realm="My Private Stuff"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Authorization Required.';
  exit;
} 
else {
  echo "<br />You're authorized!";
}

Posted: Thu Aug 31, 2006 10:14 am
by jolinar
Thanks, that's tidied up the code quite nicely :D

Unfortunately I still don't know why it isn't working :(

Posted: Thu Aug 31, 2006 10:19 am
by pickle
What happens when you change the condition to only check if $PHP_AUTH_USER is set - what if you don't care what username is entered?

Maybe try outputting the username & password entered - see if it matches up with what you'd expect.

Posted: Thu Aug 31, 2006 10:22 am
by jolinar
Using:

Code:

if(!$PHP_AUTH_USER)

It still continues to demand authentication.

Posted: Thu Aug 31, 2006 11:01 am
by pickle
Is your PHP installed as an Apache module? If not, this won't work.

Other than that, I'm not too sure.

Posted: Thu Aug 31, 2006 2:45 pm
by Weirdan
For php-cgi there's a workaround using mod_rewrite.
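
An added example (not code from the thread or from the webmonkey tutorial) of the same check reading the credentials from `$_SERVER` rather than from bare `$PHP_AUTH_USER` / `$PHP_AUTH_PW` globals, which are only populated when register_globals is enabled. The helper names are hypothetical, and the CGI fallback assumes the web server has been configured to forward the Authorization header as `HTTP_AUTHORIZATION` or `REDIRECT_HTTP_AUTHORIZATION`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns [user, password], or null when no credentials arrived.
function basic_credentials(array $server): ?array
{
    // Filled in by PHP when it runs as an Apache module; no register_globals needed.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }
    // CGI/FastCGI: parse the raw header, if the server forwarded it (assumption).
    $header = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
    if (stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null; // malformed header: treat as "no credentials"
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

// Hypothetical helper: checks the credentials against a user name and a password hash.
function is_authorized(?array $creds, string $user, string $hash): bool
{
    if ($creds === null) {
        return false;
    }
    // Evaluate both checks so the response time does not show which one failed.
    $userOk = hash_equals($user, $creds[0]);
    $passOk = password_verify($creds[1], $hash);
    return $userOk && $passOk;
}

// Constructed sample values reusing the pair from the thread. Demo only: in a real
// deployment generate the hash once and store the hash, not the password.
$expectedUser = 'admin';
$expectedHash = password_hash('abc123', PASSWORD_DEFAULT);

if (!is_authorized(basic_credentials($_SERVER), $expectedUser, $expectedHash)) {
    header('WWW-Authenticate: Basic realm="My Private Stuff"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
}
echo "<p>You're authorized!</p>";
```

Basic credentials are only base64-encoded on the wire, so the protected pages should be served over HTTPS.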