Authentication required window at login

[djsl]

I am putting together a members area with a script I found everything works fine but when I enter the username and password and select login I get an authentication window that pops up and only if I re-enter the information will it let me log on.

I am not using ssl

Does anyone know how to solve this, thanks in advance.

here is what the window says in IE:

 

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection.)

 

 

[iPixel]

.htaccess perhaps?

[MatthewJ]

Sounds like you have used a script with http authentication...

 

Generally when asking questions about code, it helps to post said code

[djsl]

here is the login script

I am new at this,  I would appreciate any help

 

 

?php
require ('includes/handler.php');
$member_id = $_SESSION['member_id'];
if ($_GET['action'] == 'logout')
{
	$logout = session_id();
	$result = kry_db_query("delete from sessions where sesskey =  '" . $logout . "' ");
	$_SESSION['member_id'] = '';
}
$_ip = getenv('REMOTE_ADDR');
if ($_GET['action'] == 'log')
{
	$result = mysql_query("insert into access set access_ip = '" . $_ip . "', access_exp = now(), type = 'M'");
}
$check_access_query = kry_db_query("select access_ip from access where access_ip = '" . $_ip . "' and type = 'M' ");
if (SEC_LEV == 'High')
{
	$paranoia = 20;
}
elseif (SEC_LEV == 'Medium')
{
	$paranoia = 50;
}
else
{
	$paranoia = 100;
}
if (SEC_LEV != 'Off')
{
	$ip_query = kry_db_query("select * from banned where banned_ip = '" . $_ip . "' and type = 'M' ");
	if ((kry_db_num_rows($ip_query) == 0) && ($_ip != SAFE_IP))
	{
			$check_access = kry_db_fetch_array($check_access_query);
			if (kry_db_num_rows($check_access_query) > $paranoia)
			{
					$sql_data_array = array('banned_ip' => $_ip, 'banned_comment' => 'Multiple Bad Logins', 'banned_email' => 'No Data', 'type' => 'M', 'banned_date' => 'now()');
					kry_db_perform(banned, $sql_data_array);
					kry_db_query("delete from access where access_ip = '" . $_ip . "'");
			}
	}
}
$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'process'))
{
	$user = pwd_protect($_POST['username']);
	$passwd = pwd_protect($_POST['password']);
	if (($user != '') && ($passwd != ''))
	{
			$login_query = kry_db_query("select members_id, members_status, members_password, error from members where username = '" . $user . "'");
			$login = kry_db_fetch_array($login_query);
			if (kry_validate_password($passwd, $login['members_password']))
			{
					$_SESSION['member_id'] = $login['members_id'];
					$cookie_domain = HTTP_COOKIE_DOMAIN;
					$cookie_path = HTTP_COOKIE_PATH;
					$pwd = $login['members_password'];
					$err = $login['error'];
					setcookie('user', $user, time() + (365 * 24 * 3600), $cookie_path, $cookie_domain);
					setcookie('passwd', $pwd, time() + (365 * 24 * 3600), $cookie_path, $cookie_domain);
			}
			else
			{
					$error = true;
			}
			if ($error != false)
			{
					kry_db_query("insert into access (access_ip, access_exp, type) values ('" . $_ip . "', now(), 'M')");
					$message = 'No match found for this Username/Password combination';
			}
			else
			{
					kry_db_query("delete from access where access_ip = '" . $_ip . "'");
					if ($err == '')
					{
							kry_redirect(kry_href_link('members/index.php'));
					}
					else
					{
							kry_redirect(kry_href_link('pending.php'));
					}
			}
	}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"><html >
<head> 
<META NAME="ROBOTS" CONTENT="NOINDEX">

<title><? echo TITLE; ?></title>
<base href="<? echo HTTP_SERVER . SUB_DIRECTORY; ?>">
<? echo '<link rel="stylesheet" type="text/css" href="images/stylesheet.css">'; ?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" >
<div align="center"><img src="images/logo.jpg" width="354" height="54"> </div>
<table border="0" width="48%" cellspacing="0" cellpadding="0" align="center">

  <tr> 
    <td  valign="top" align="left" height="16"><?echo '<img src="images/security_header.gif" width="500" height="37" height="37">'; ?></td>
  </tr>

  <tr> 
    <!-- body_text //-->
    <td  valign="top" align="left" > 
      <? echo kry_draw_form('login', kry_href_link('login.php', 'action=process', 'SSL')); ?>
      <table border="0" cellpadding="0" cellspacing="0" align="center">
            <tr> 
          <td width="100"><img src="images/spacer.gif" width="31" height="1" border="0"></td>
          <td width="159"><img src="images/spacer.gif" width="159" height="1" border="0"></td>
          <td width="114"><img src="images/spacer.gif" width="71" height="1" border="0"></td>
          <td width="82"><img src="images/spacer.gif" width="69" height="1" border="0"></td>
          <td width="25"><img src="images/spacer.gif" width="18" height="1" border="0"></td>
        </tr>
        <tr> 
          <td colspan="5" valign="top" align="left" class="smalltext"> 
            <p> </p>
          </td>
        </tr>
        <? if($message != ''){ ?>
        <tr> 
          <td  valign="top" align="left" height="16" colspan="5"> 
            <table align="center" cellspacing="0" cellpadding="2" width="79%">
              <tr> 
                <td class="messageBad"> 
                  <? echo $message; ?>
                </td>
              </tr>
              <tr> 
                <td class="smalltext"> </td>
              </tr>
            </table>
          </td>
        </tr>
        <? } ?>
        <tr> 
          <td colspan="5" class="smalltext"> 
            <table width="60%" border="0" cellspacing="0" cellpadding="0" align="center" class="smalltext">
              <tr> 
                <td align="right" width="31%">Username:   </td>
                <td width="69%"> 
                  <? echo kry_draw_input_field('username',''); ?>
                </td>
              </tr>
              <tr> 
                <td align="right" width="31%">Password:   </td>
                <td width="69%"> 
                  <? echo kry_draw_password_field('password',''); ?>
                </td>
              </tr>
              <tr>
                <td width="31%" height="19"> </td>
                <td align="center" width="69%"> </td>
              </tr>
              <tr> 
                <td width="31%" height="28"> </td>
                <td align="center" width="69%"> 
                  <? echo '<a href="join.php?path=back" target="_self"><img src="images/back.jpg"  border="0" alt="Back"></a> '; ?>
                  <? echo '<input type="image" alt="Submit" src="images/next.jpg"  border="0">'; ?>
                </td>
              </tr>
            </table>
          </td>
        </tr>
        <tr> 
          <td height="19" colspan="5" class="smalltext"> 
            <br>
            
            </td>
        </tr>
      </table>

      <? echo '</form>'; ?>
<div align="center" class="smalltext">Copyright 2009 ©  <a href="http://<?php echo $_SERVER["SERVER_NAME"]; ?>" target="_self"><?php echo $_SERVER["SERVER_NAME"]; ?></a>
   </div>
      
    </td>

  </tr>
</table>

</body>
</html>

[djsl]

in the form action this is the line in the login script that I posted above

 

<? echo kry_draw_form('login', kry_href_link('login.php', 'action=process', 'SSL')); ?>

 

I am assuming that this requires ssl if that is the case and that is what is causing my problem, how can I use this login script without ssl

 

thanks

[djsl]

also with this if I log out and then login again it works fine but if I close the browser and reopen and try to log in then it will require the authentication.  Does anyone know from looking at the script how to fix this. Any advise will be greatly appreciated.

 

thanks