HTTP authentication with PHP
Moderator: General Moderators
HTTP authentication with PHP
Hi everyone,
I'm writing code for HTTP authentication with PHP. I tried to get the username from the popup with the following code:
$user_name = trim($_SERVER[‘PHP_AUTH_USER’]);
$user_password = trim($_SERVER[‘PHP_AUTH_PW’]);
but when i added
echo $user_name;
, nothing came out.
Is there something wrong with my code?
THANKS!
I'm writing code for HTTP authentication with PHP. I tried to get the username from the popup with the following code:
$user_name = trim($_SERVER[‘PHP_AUTH_USER’]);
$user_password = trim($_SERVER[‘PHP_AUTH_PW’]);
but when i added
echo $user_name;
, nothing came out.
Is there something wrong with my code?
THANKS!
Is php installed as apache module?
what doesprint?
what does
Code: Select all
<?php
echo 'version: ', phpversion(), "<br />\n";
echo 'sapi: ', php_sapi_name(), "<br />\n";feyd | Please use
Right now, it gets up to line #31, then outputs "'Couldn’t execute query". I'm guessing it has something to do with the fact that it executes nothing even with the command echo $user_name;
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
[color=darkred]Here is all my code: [/color]Code: Select all
<?php
function authenticate() {
header('WWW-Authenticate: Basic realm="Test Authentication System"');
header('HTTP/1.0 401 Unauthorized');
echo "You must enter a valid login ID and password to access this resource\n";
exit;
}
if (!isset($_SERVER['PHP_AUTH_USER']) ||
($_POST['SeenBefore'] == 1 && $_POST['OldAuth'] == $_SERVER['PHP_AUTH_USER'])) {
authenticate();
}
else #18
{
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$database = 'useraccount';
$user_name = ($_SERVER[‘PHP_AUTH_USER’]); #21
$user_password = trim($_SERVER[‘PHP_AUTH_PW’]);
$connection = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$db = mysql_select_db($database,$connection)or die ('Couldn’t select database.');
$sql = "SELECT user_name FROM valid_user WHERE user_name = ‘$user_name’ AND password = md5(‘$user_password’)";
echo $user_name;
$result = mysql_query($sql) or die('Couldn’t execute query.'); #31
$num = mysql_num_rows($result); #32
if ($num < 1) // user name/password not found #33
{
exit('The User Name or password you entered
is not valid.<br>');
} #37
} #38
// Web page content. #39
include(“Welcome.inc”); #40
?>feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]should be$_SERVER[‘PHP_AUTH_USER’]
Code: Select all
$_SERVER['PHP_AUTH_USER']should beuser_name = ‘$user_name’ AND password = md5(‘$user_password’)
Code: Select all
user_name = '$user_name' AND password = md5('$user_password')please try
Code: Select all
$database = 'useraccount';
$connection = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$db = mysql_select_db($database,$connection)or die ('Couldn’t select database.');
$user_name = mysql_real_escape_string($_SERVER['PHP_AUTH_USER'], $connection); #21
$user_password = md5(trim($_SERVER['PHP_AUTH_PW']));
$sql = "SELECT user_name FROM valid_user WHERE user_name='$user_name' AND `password`='$user_password'";
echo '<div>Debug: ', htmlentities($sql), "</div>\n";
$result = mysql_query($sql) or die(mysql_error()); #31Please also note that mysql_real_escape_string has been applied to PHP_AUTH_USER to avoid problems with characters that cause trouble in an sql statement. see http://de3.php.net/security.database.sql-injection