djsl Posted September 14, 2009 Share Posted September 14, 2009 I am putting together a members area with a script I found everything works fine but when I enter the username and password and select login I get an authentication window that pops up and only if I re-enter the information will it let me log on. I am not using ssl Does anyone know how to solve this, thanks in advance. here is what the window says in IE: Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection.) Link to comment https://forums.phpfreaks.com/topic/174208-authentication-required-window-at-login/ Share on other sites More sharing options...
iPixel Posted September 14, 2009 Share Posted September 14, 2009 .htaccess perhaps? Link to comment https://forums.phpfreaks.com/topic/174208-authentication-required-window-at-login/#findComment-918356 Share on other sites More sharing options...
MatthewJ Posted September 14, 2009 Share Posted September 14, 2009 Sounds like you have used a script with http authentication... Generally when asking questions about code, it helps to post said code Link to comment https://forums.phpfreaks.com/topic/174208-authentication-required-window-at-login/#findComment-918366 Share on other sites More sharing options...
djsl Posted September 14, 2009 Author Share Posted September 14, 2009 here is the login script I am new at this, I would appreciate any help ?php require ('includes/handler.php'); $member_id = $_SESSION['member_id']; if ($_GET['action'] == 'logout') { $logout = session_id(); $result = kry_db_query("delete from sessions where sesskey = '" . $logout . "' "); $_SESSION['member_id'] = ''; } $_ip = getenv('REMOTE_ADDR'); if ($_GET['action'] == 'log') { $result = mysql_query("insert into access set access_ip = '" . $_ip . "', access_exp = now(), type = 'M'"); } $check_access_query = kry_db_query("select access_ip from access where access_ip = '" . $_ip . "' and type = 'M' "); if (SEC_LEV == 'High') { $paranoia = 20; } elseif (SEC_LEV == 'Medium') { $paranoia = 50; } else { $paranoia = 100; } if (SEC_LEV != 'Off') { $ip_query = kry_db_query("select * from banned where banned_ip = '" . $_ip . "' and type = 'M' "); if ((kry_db_num_rows($ip_query) == 0) && ($_ip != SAFE_IP)) { $check_access = kry_db_fetch_array($check_access_query); if (kry_db_num_rows($check_access_query) > $paranoia) { $sql_data_array = array('banned_ip' => $_ip, 'banned_comment' => 'Multiple Bad Logins', 'banned_email' => 'No Data', 'type' => 'M', 'banned_date' => 'now()'); kry_db_perform(banned, $sql_data_array); kry_db_query("delete from access where access_ip = '" . $_ip . "'"); } } } $error = false; if (isset($_GET['action']) && ($_GET['action'] == 'process')) { $user = pwd_protect($_POST['username']); $passwd = pwd_protect($_POST['password']); if (($user != '') && ($passwd != '')) { $login_query = kry_db_query("select members_id, members_status, members_password, error from members where username = '" . $user . "'"); $login = kry_db_fetch_array($login_query); if (kry_validate_password($passwd, $login['members_password'])) { $_SESSION['member_id'] = $login['members_id']; $cookie_domain = HTTP_COOKIE_DOMAIN; $cookie_path = HTTP_COOKIE_PATH; $pwd = $login['members_password']; $err = $login['error']; setcookie('user', $user, time() + (365 * 24 * 3600), $cookie_path, $cookie_domain); setcookie('passwd', $pwd, time() + (365 * 24 * 3600), $cookie_path, $cookie_domain); } else { $error = true; } if ($error != false) { kry_db_query("insert into access (access_ip, access_exp, type) values ('" . $_ip . "', now(), 'M')"); $message = 'No match found for this Username/Password combination'; } else { kry_db_query("delete from access where access_ip = '" . $_ip . "'"); if ($err == '') { kry_redirect(kry_href_link('members/index.php')); } else { kry_redirect(kry_href_link('pending.php')); } } } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"><html > <head> <META NAME="ROBOTS" CONTENT="NOINDEX"> <title><? echo TITLE; ?></title> <base href="<? echo HTTP_SERVER . SUB_DIRECTORY; ?>"> <? echo '<link rel="stylesheet" type="text/css" href="images/stylesheet.css">'; ?> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" > <div align="center"><img src="images/logo.jpg" width="354" height="54"> </div> <table border="0" width="48%" cellspacing="0" cellpadding="0" align="center"> <tr> <td valign="top" align="left" height="16"><?echo '<img src="images/security_header.gif" width="500" height="37" height="37">'; ?></td> </tr> <tr> <!-- body_text //--> <td valign="top" align="left" > <? echo kry_draw_form('login', kry_href_link('login.php', 'action=process', 'SSL')); ?> <table border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td width="100"><img src="images/spacer.gif" width="31" height="1" border="0"></td> <td width="159"><img src="images/spacer.gif" width="159" height="1" border="0"></td> <td width="114"><img src="images/spacer.gif" width="71" height="1" border="0"></td> <td width="82"><img src="images/spacer.gif" width="69" height="1" border="0"></td> <td width="25"><img src="images/spacer.gif" width="18" height="1" border="0"></td> </tr> <tr> <td colspan="5" valign="top" align="left" class="smalltext"> <p> </p> </td> </tr> <? if($message != ''){ ?> <tr> <td valign="top" align="left" height="16" colspan="5"> <table align="center" cellspacing="0" cellpadding="2" width="79%"> <tr> <td class="messageBad"> <? echo $message; ?> </td> </tr> <tr> <td class="smalltext"> </td> </tr> </table> </td> </tr> <? } ?> <tr> <td colspan="5" class="smalltext"> <table width="60%" border="0" cellspacing="0" cellpadding="0" align="center" class="smalltext"> <tr> <td align="right" width="31%">Username: </td> <td width="69%"> <? echo kry_draw_input_field('username',''); ?> </td> </tr> <tr> <td align="right" width="31%">Password: </td> <td width="69%"> <? echo kry_draw_password_field('password',''); ?> </td> </tr> <tr> <td width="31%" height="19"> </td> <td align="center" width="69%"> </td> </tr> <tr> <td width="31%" height="28"> </td> <td align="center" width="69%"> <? echo '<a href="join.php?path=back" target="_self"><img src="images/back.jpg" border="0" alt="Back"></a> '; ?> <? echo '<input type="image" alt="Submit" src="images/next.jpg" border="0">'; ?> </td> </tr> </table> </td> </tr> <tr> <td height="19" colspan="5" class="smalltext"> <br> </td> </tr> </table> <? echo '</form>'; ?> <div align="center" class="smalltext">Copyright 2009 © <a href="http://<?php echo $_SERVER["SERVER_NAME"]; ?>" target="_self"><?php echo $_SERVER["SERVER_NAME"]; ?></a> </div> </td> </tr> </table> </body> </html> Link to comment https://forums.phpfreaks.com/topic/174208-authentication-required-window-at-login/#findComment-918422 Share on other sites More sharing options...
djsl Posted September 15, 2009 Author Share Posted September 15, 2009 in the form action this is the line in the login script that I posted above <? echo kry_draw_form('login', kry_href_link('login.php', 'action=process', 'SSL')); ?> I am assuming that this requires ssl if that is the case and that is what is causing my problem, how can I use this login script without ssl thanks Link to comment https://forums.phpfreaks.com/topic/174208-authentication-required-window-at-login/#findComment-918693 Share on other sites More sharing options...
djsl Posted September 16, 2009 Author Share Posted September 16, 2009 also with this if I log out and then login again it works fine but if I close the browser and reopen and try to log in then it will require the authentication. Does anyone know from looking at the script how to fix this. Any advise will be greatly appreciated. thanks Link to comment https://forums.phpfreaks.com/topic/174208-authentication-required-window-at-login/#findComment-919297 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.