Page 1 of 1

HTTP Authentication help

Posted: Sat Jan 25, 2003 1:49 am
by nigma
I am trying to make a script that will make the user enter a username and password. I would like to do it using HTTP Authentication. Problem is all tutorials I found on doing this with PHP are either outdated and dont work or just dont work. I got the script to prompt for a username and pass and if you enter it correctly you get in, if you dont, you dont get in. BUT the problem is you have to enter your username and pass 3 times before you get in. Here is my code(I am new to PHP so if you have any suggestions on ways to improve or make my code more efficient they would be greatly appreciated):

<?
$cnt = 0;
while ($cnt == 0) {
header('WWW-Authenticate: Basic realm="test realm"');
header('HTTP/1.0 401 Unauthorized');
if (($_SERVER['PHP_AUTH_USER'] == 'test') && ($_SERVER['PHP_AUTH_PW'] == 'test')) {
$cnt = 1;
}
else {
echo("NOT AUTHENTICATED!");
exit;
}
}
?>

Thanks a bunch for any help provided.

Posted: Sat Jan 25, 2003 2:30 am
by volka
you're sending the 401-header unconditionally.
So it doesn't matter wether you entered the correct login/password or not.
Why you can enter the site after three retries is a minor miracle to me ;)
try

Code: Select all

<?php
function checkLogin()
{ // dummy-login-procedure
	if	(	isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])
		&&	$_SERVER['PHP_AUTH_USER'] == 'test' && $_SERVER['PHP_AUTH_PW'] == 'test'
			)
		return TRUE;
	else
		return FALSE;
}

if (checkLogin() == FALSE)
{
	header('WWW-Authenticate: Basic realm="test realm"');
	header('HTTP/1.0 401 Unauthorized');
	die("NOT AUTHENTICATED!");
}
?><html><body>welcome to my fancy homepage....</body></html>

Posted: Sat Jan 25, 2003 3:17 am
by nigma
Hey thanks a bunch. It works on the first try :) heh. I am going to fool with the code you gave me for a bit.

Thanks for the help, its really appreciated.

Posted: Sat Jan 25, 2003 3:21 am
by nigma
Wait. Just have one more question that you might be able to answer. If I want to make this file called protect.php. When I add:
<?php require_once("protect.php");?>

to the top of my other php scripts it doesn't open the protect.php script that you let me check out. How would I make it so I could make this script run before anything else in any code file of mine?

Posted: Sat Jan 25, 2003 4:03 am
by volka
maybe I'm still not awaken but it should work. What exactly does happen instead?

You might also be interested in http://www.php.net/manual/en/configurat ... epend-file
you can prepend files on a per-directory-basis via .htaccess (if available ;) )

Posted: Sat Jan 25, 2003 12:53 pm
by nigma
I tried using .htaccess files, but none worked. I have tried like 3 tutorials all for setting up .htaccess and .htpasswd files on Windows with Apache2 webserver. I am running WinXP Pro, and Red Hat 7.2(but right now there is not net working on that), so my Apache2 is Win32 right now.

Posted: Sat Jan 25, 2003 5:50 pm
by nigma
When I require the file once, nothing happens at all. The script acts as though I never added that line.

Thanks for the link. I am checking it out.

Posted: Sun Jan 26, 2003 12:19 am
by volka
have you took a look in apaches's error.log?
Maybe the header could not be sent.

Posted: Sun Jan 26, 2003 11:02 am
by nigma
I checked that out and it did not have any errors about not being able to send the header. But, I tried the require_once and it worked. I dont know what is going on. I tried it like six times yesterday and I checked my syntax but it wasn't working.

Thanks for the help, it's greatly appreciated.