I am trying to make a script that will make the user enter a username and password. I would like to do it using HTTP Authentication. Problem is all tutorials I found on doing this with PHP are either outdated and dont work or just dont work. I got the script to prompt for a username and pass and if you enter it correctly you get in, if you dont, you dont get in. BUT the problem is you have to enter your username and pass 3 times before you get in. Here is my code(I am new to PHP so if you have any suggestions on ways to improve or make my code more efficient they would be greatly appreciated):
<?
$cnt = 0;
while ($cnt == 0) {
header('WWW-Authenticate: Basic realm="test realm"');
header('HTTP/1.0 401 Unauthorized');
if (($_SERVER['PHP_AUTH_USER'] == 'test') && ($_SERVER['PHP_AUTH_PW'] == 'test')) {
$cnt = 1;
}
else {
echo("NOT AUTHENTICATED!");
exit;
}
}
?>
Thanks a bunch for any help provided.
HTTP Authentication help
Moderator: General Moderators
you're sending the 401-header unconditionally.
So it doesn't matter wether you entered the correct login/password or not.
Why you can enter the site after three retries is a minor miracle to me
try
So it doesn't matter wether you entered the correct login/password or not.
Why you can enter the site after three retries is a minor miracle to me
try
Code: Select all
<?php
function checkLogin()
{ // dummy-login-procedure
if ( isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])
&& $_SERVER['PHP_AUTH_USER'] == 'test' && $_SERVER['PHP_AUTH_PW'] == 'test'
)
return TRUE;
else
return FALSE;
}
if (checkLogin() == FALSE)
{
header('WWW-Authenticate: Basic realm="test realm"');
header('HTTP/1.0 401 Unauthorized');
die("NOT AUTHENTICATED!");
}
?><html><body>welcome to my fancy homepage....</body></html>Wait. Just have one more question that you might be able to answer. If I want to make this file called protect.php. When I add:
<?php require_once("protect.php");?>
to the top of my other php scripts it doesn't open the protect.php script that you let me check out. How would I make it so I could make this script run before anything else in any code file of mine?
<?php require_once("protect.php");?>
to the top of my other php scripts it doesn't open the protect.php script that you let me check out. How would I make it so I could make this script run before anything else in any code file of mine?
maybe I'm still not awaken but it should work. What exactly does happen instead?
You might also be interested in http://www.php.net/manual/en/configurat ... epend-file
you can prepend files on a per-directory-basis via .htaccess (if available
)
You might also be interested in http://www.php.net/manual/en/configurat ... epend-file
you can prepend files on a per-directory-basis via .htaccess (if available