HTTP Authentication help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

HTTP Authentication help

Post by nigma »

I am trying to make a script that will make the user enter a username and password. I would like to do it using HTTP Authentication. Problem is all tutorials I found on doing this with PHP are either outdated and dont work or just dont work. I got the script to prompt for a username and pass and if you enter it correctly you get in, if you dont, you dont get in. BUT the problem is you have to enter your username and pass 3 times before you get in. Here is my code(I am new to PHP so if you have any suggestions on ways to improve or make my code more efficient they would be greatly appreciated):

<?
$cnt = 0;
while ($cnt == 0) {
header('WWW-Authenticate: Basic realm="test realm"');
header('HTTP/1.0 401 Unauthorized');
if (($_SERVER['PHP_AUTH_USER'] == 'test') && ($_SERVER['PHP_AUTH_PW'] == 'test')) {
$cnt = 1;
}
else {
echo("NOT AUTHENTICATED!");
exit;
}
}
?>

Thanks a bunch for any help provided.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you're sending the 401-header unconditionally.
So it doesn't matter wether you entered the correct login/password or not.
Why you can enter the site after three retries is a minor miracle to me ;)
try

Code: Select all

<?php
function checkLogin()
{ // dummy-login-procedure
	if	(	isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])
		&&	$_SERVER['PHP_AUTH_USER'] == 'test' && $_SERVER['PHP_AUTH_PW'] == 'test'
			)
		return TRUE;
	else
		return FALSE;
}

if (checkLogin() == FALSE)
{
	header('WWW-Authenticate: Basic realm="test realm"');
	header('HTTP/1.0 401 Unauthorized');
	die("NOT AUTHENTICATED!");
}
?><html><body>welcome to my fancy homepage....</body></html>
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

Hey thanks a bunch. It works on the first try :) heh. I am going to fool with the code you gave me for a bit.

Thanks for the help, its really appreciated.
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

Wait. Just have one more question that you might be able to answer. If I want to make this file called protect.php. When I add:
<?php require_once("protect.php");?>

to the top of my other php scripts it doesn't open the protect.php script that you let me check out. How would I make it so I could make this script run before anything else in any code file of mine?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

maybe I'm still not awaken but it should work. What exactly does happen instead?

You might also be interested in http://www.php.net/manual/en/configurat ... epend-file
you can prepend files on a per-directory-basis via .htaccess (if available ;) )
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

I tried using .htaccess files, but none worked. I have tried like 3 tutorials all for setting up .htaccess and .htpasswd files on Windows with Apache2 webserver. I am running WinXP Pro, and Red Hat 7.2(but right now there is not net working on that), so my Apache2 is Win32 right now.
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

When I require the file once, nothing happens at all. The script acts as though I never added that line.

Thanks for the link. I am checking it out.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

have you took a look in apaches's error.log?
Maybe the header could not be sent.
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

I checked that out and it did not have any errors about not being able to send the header. But, I tried the require_once and it worked. I dont know what is going on. I tried it like six times yesterday and I checked my syntax but it wasn't working.

Thanks for the help, it's greatly appreciated.
Post Reply