PHP_AUTH_USER / PHP_AUTH_PW and MySQL

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
pelleas1022
Forum Newbie
Posts: 2
Joined: Fri Jul 01, 2005 10:04 pm
Location: Kalamazoo, MI
Contact:

PHP_AUTH_USER / PHP_AUTH_PW and MySQL

Post by pelleas1022 »

Hi,

I'm having some trouble getting authentication to work on a page I'm writing.
The idea is that people have to authenticate as soon as they hit the page (using PHP_AUTH_USER ...HTTP Auth). If they have entered something, it connects to the MySQL DB, looks for a match, and then if there is a match, allows them to go further in the page. Problem is, even when there is a match, it claims that there isn't. Am I missing something here? I've stared at the code for the last hour or so and I cannot find anything odd...

Here's the page:

Code: Select all

<?php
//If user hasn't authenticated
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
// This header causes the browser to pop up the authentication box
    header('WWW-Authenticate: Basic realm="Customer Portal"');
    header('HTTP/1.0 401 Unauthorized');
    // Tell them that they must log in.
    echo "Please submit a valid username and password to view this page.  auth.";
    exit;
} else {
// If they have authenticated, Check username and password agains the database.
	//connect to database
	$user = $_SERVER['PHP_AUTH_USER'];
	$pass = $_SERVER['PHP_AUTH_PW'];	
	$db = mysql_connect('******','*****','*******') or die("Couldn't connect to the database.");
	mysql_select_db('******') or die("Couldn't select the database");
	$result = mysql_query("SELECT count(uid) FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
	$num = mysql_result($result, 0);
	if (!$num) {
// If there were no matching users, deny access.
		printf("Please submit a valid username and password to view this page.");
		exit();
	}
}
//If user got through, we do what's below here
All seems good, yet I die at the if(!$num){ statement every time. Any ideas?
programmermatt
Forum Commoner
Posts: 65
Joined: Tue Mar 15, 2005 5:03 pm
Contact:

Re: PHP_AUTH_USER / PHP_AUTH_PW and MySQL

Post by programmermatt »

Code: Select all

$result = mysql_query(&quote;SELECT count(uid) FROM users WHERE pass='$user' AND username='$pass'&quote;) or die(&quote;Unable to Authenticate at this time.&quote;);
	if (mysql_num_rows($result) != 1) {
// If there were no matching users, deny access.
		printf(&quote;Please submit a valid username and password to view this page.&quote;);
		exit();
	}
}
//If user got through, we do what's below here
It's been awhile since I haven't used an abstraction layer, so I dunno if this will work.
pelleas1022
Forum Newbie
Posts: 2
Joined: Fri Jul 01, 2005 10:04 pm
Location: Kalamazoo, MI
Contact:

Post by pelleas1022 »

Doing this, it lets any uid/pw combo (even ones not in the db) to get in....any more ideas? BTW....thanks for the insanely quick reply there ;)
programmermatt
Forum Commoner
Posts: 65
Joined: Tue Mar 15, 2005 5:03 pm
Contact:

Post by programmermatt »

pelleas1022 wrote:Doing this, it lets any uid/pw combo (even ones not in the db) to get in....any more ideas? BTW....thanks for the insanely quick reply there ;)
Saw my mistake... I think. And most reaction times are this fast most of the time.

Code: Select all

$result = mysql_query(&quote;SELECT * FROM users WHERE pass='$user' AND username='$pass'&quote;) or die(&quote;Unable to Authenticate at this time.&quote;);
    if (mysql_num_rows($result) != 1) {
// If there were no matching users, deny access.
        printf(&quote;Please submit a valid username and password to view this page.&quote;);
        exit();
    }
unset($result)
}
//If user got through, we do what's below here
The count was guarenteeing a one row result because it is the only thing getting returned, I could have sworn I had taken that out, but apparently didn't. There is a better way of doing this, but it currently escapes me. Also, good to unset results when done with them
rUmX
Forum Newbie
Posts: 1
Joined: Tue Jul 05, 2005 5:58 pm

Post by rUmX »

How about...

Code: Select all

$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
	// If query returned FALSE, deny access.
	printf("Please submit a valid username and password to view this page.");
	exit();
}
ss='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
[/php:1:y access.
printf("Please submit a valid username and password to view this page.");
exit();
}
te;) or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;Please submit a valid username and password to view this page.");
exit();
}
y("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Pleashp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSEhp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quD username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
e;) or die("Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die(&quote;Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.&quote;);
exit();
}
name and password to view this page.");
exit();
}
;quote;SELECT * FROM users WHERE pass='$user' AND username='$pass'&quote;) or die(&quote;Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;Please submit a valid username and password to view this page.&quote;);
exit();
}
submit a valid username and password to view this page.");
exit();
}
te;Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If sers WHERE pass='$user' AND username='$pass'") or die(&quote;Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny hp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
* FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;Please submit a valid username and password to view this page.&quote;);
exitsql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
hp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.&quote;);
exit();
}
sql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quoteusername='$pass'") or die("Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&a$pass'") or die("Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit hp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;Plenable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
/php]p;quote;SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
ct($query);
if (!$result)
{
// If query returnedl_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
or die("Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.ysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
hp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
bject($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
d FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
ate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'&quote;) or die(&quote;Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;Pleasehp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
hp]
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die(&quote;Unable to Authenticate at this time.&quote;);
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;Please submit a valid username and password to view this page.&quote;);
exit();
}
CT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf(&quote;sult = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.&qur die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
;quote;SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
$query = mysql_query("SELECT * FROM users WHERE pass='$user' AND username='$pass'") or die("Unable to Authenticate at this time.");
$result = mysql_fetch_object($query);
if (!$result)
{
// If query returned FALSE, deny access.
printf("Please submit a valid username and password to view this page.");
exit();
}
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Or change the flow even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
R['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
base
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
442c9]
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
]))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
ase
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
e..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
ue/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
))
{
// look in database
$valid = tr even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
lse;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of c;
...
exit;
}

rest of code...
even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
]
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....'))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit/ look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
[alse;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
]
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
exit;
}

rest of code...
]
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...

$valid = true/false;
}

if (!p]
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
exit;
}

rest of code...
valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
4fa77442c9]
$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$val even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
even a little more..

Code: Select all

$valid = false;
if isset($_SERVER['...']))
{
   // look in database
   $valid = true/false;
}

if (!$valid)
{
   header('www-authenticate....');
   ...
   exit;
}

rest of code...
false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
ate....');
...
exit;
}

rest of code...
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...

$valid = false;
if isset($_SERVER['...']))
{
// look in database
$valid = true/false;
}

if (!$valid)
{
header('www-authenticate....');
...
exit;
}

rest of code...
Post Reply