Page 1 of 1

HTTP Authentication problem!

Posted: Thu Apr 10, 2003 5:38 am
by Nik
Hello, do u see something wrong with this one?

<?php
ob_start(); error_reporting(E_ALL); $xronos=date("l dS of F h:i:s A"); $host=gethostbyaddr($_SERVER['REMOTE_ADDR']); $i=0;
echo "<body background=pics/anemos.jpg>";
echo "<font size=5 color=Pink>";

$tainia = $_POST['tainia'];
$cd = $_POST['cd'];
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];


if (@mysql_connect('localhost', 'nik', 'macgyver'));
else @mysql_connect('localhost', 'root');
mysql_select_db('db_nik');


$sql=mysql_query("SELECT * FROM member WHERE user='$user' AND pass='$pass'");
if (mysql_num_rows($sql)!=0)
$i=1;
else
$i=0;


if ($i==0)
{
header('WWW-Authenticate: Basic realm="Πές μου το Username σου για να καταλάβω ποιος είσαι =>"');
die ("Δεν σε έχω καταχωρημένο στην Ατζέντα μου .... πρέπει πρώτα να γραφτείς και μετά να ξανάρθεις :)");
}
else
{
if (isset($_POST['prosthiki'])) include 'prosthiki.php';
if (isset($_POST['emfanisi'])) include 'emfanisi.php';
if (isset($_POST['metavoli'])) include 'metavoli.php';
if (isset($_POST['diagrafi'])) include 'diagrafi.php';
}
?>

When this script tries to execute i get this error:

Notice: Undefined index: PHP_AUTH_USER in D:\web\check.php on line 8

Notice: Undefined index: PHP_AUTH_PW in D:\web\check.php on line 9

why???

Posted: Thu Apr 10, 2003 5:56 am
by volka
if the browser does not send the auth-fields then there is no $_SERVER['PHP_AUTH_USER'] or $_SERVER['PHP_AUTH_PW']. That's what php is complaining about

Posted: Fri Apr 11, 2003 11:04 am
by Nik
i see, so whats my next step?

Posted: Fri Apr 11, 2003 11:44 am
by volka
avoid using those elements if they are not set ;)
perform the query only if $_SERVER['PHP_AUTH_USER'] and/or $_SERVER['PHP_AUTH_PW'] are set. Otherwise or if the query fails send the authentication header.
Also read: http://www.php.net/manual/en/function.m ... string.php

Posted: Fri Apr 11, 2003 1:51 pm
by Nik
thanks for your willing to help but i didnt quite understand

i have already sent the header at this point

if ($i==0)
{
header('WWW-Authenticate: Basic realm="&#


why the http authentication window didint pop up?

Posted: Fri Apr 11, 2003 3:19 pm
by volka
you did not send the actual reason to authenticate ;)
try

Code: Select all

header('WWW-Authenticate: Basic realm="this realm"');
header("HTTP/1.0 401 Unauthorized");

Posted: Sat Apr 12, 2003 7:12 am
by Nik
No i did send it and in the server where i have uploaded my page it works ok! Teh problem is that in my localhost its not working and i dont know why! when i uses easyphp used to work great! Bu when i installed indigoperl with Apache php and perl everything works ok as usual except this authentication part!! :(

I beleive the code is ok. but indigoperl for some reason does inteprete it well !!
do you know why?

Posted: Sat Apr 12, 2003 8:07 am
by m3mn0n
It's probubly the settings. Different preinstalled php's have different php.ini setups. Check to see if what you want is enabled or not. :)

Posted: Sat Apr 12, 2003 9:36 am
by Nik
so php.ini is the troublemaker file hey??

cool!

thanks a lot man! ;)

Posted: Sun Apr 13, 2003 6:49 am
by Nik
Unfortunately i dont find out some entry in php.ini about http auhtentication! can anyone help me out?

Posted: Sun Apr 13, 2003 2:36 pm
by volka
hm, what happens if you send the 401-header unconditionally? The simple script

Code: Select all

<?php
header('WWW-Authenticate: Basic realm="this realm"');
header("HTTP/1.0 401 Unauthorized");
?>text you should see only if you aborted the auth
will do.

Posted: Sun Apr 13, 2003 5:02 pm
by Nik
i tied your script and see the following

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, nik@mycosmos.gr and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


--------------------------------------------------------------------------------

Apache/2.0.44 (Win32) mod_perl/1.99_08 Perl/v5.8.0 Server at p4 Port 80

now what?

Posted: Sun Apr 13, 2003 5:12 pm
by volka
ah, php is installed as cgi?
maybe header("Status: 401 Unauthorized") works, but I remember there was something about php/cgi and 401/PHP_AUTH_USER but I can't find it right now.

Posted: Mon Apr 14, 2003 9:54 am
by Nik
Someone pls kiss this guy!!!

Allow me to say that you are <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> good!

Thsi was a problem

<?php
header('WWW-Authenticate: Basic realm="this realm"');
header("HTTP/1.0 401 Unauthorized");
?>text you should see only if you aborted the auth

ans as u said this was the solution

<?php
header('WWW-Authenticate: Basic realm="this realm"');
header("Status: 401 Unauthorized");
?>text you should see only if you aborted the auth

Allow me to kiss you man!

Mats Mouts!!! :)