Jump to content

Archived

This topic is now archived and is closed to further replies.

Guest kilbad

Problems with php authentication w/ pages called with php variable passing

Recommended Posts

Guest kilbad
So I have created a working authentication script (which I have included below) which works when I call that particular script directly (for example:: http://www.test.com/example_script.php).  However, if I call it using my index file (see below) with a passed variable (for example:: http://www.test.com/index.php?id=example_script), I get "Cannot modify header information."  WAIT!  I know it's a big no-no to post threads about this type of error, but here is my real question::  Will someone tell me what the best technique is for using php authentication with files included in a webpage wrapper as I have done?  Basically, I want to successfully require a username/password for access to a few of my webapages that appear in my webpage wrapper.

Thanks in advance for the help!!  brendan

index.php::
[code]<?php

$id = $_GET['id'];


if ($id == "")

{
include 'header.php';
include 'frontpage.php';
include 'footer.php';
}

else

{
if (file_exists("$id.php")) {
 
include 'header.php';
include "$id.php";
include 'footer.php';

} else {

include 'header.php';
include 'error.php';
include 'footer.php';

}
}


?> [/code]


authentication script::
[code]<?php
$PHP_AUTH_USER=$_SERVER["PHP_AUTH_USER"];
$PHP_AUTH_PW=$_SERVER["PHP_AUTH_PW"];

function displayLogin() {
header("WWW-Authenticate: Basic realm=\"My Website\"");
header("HTTP/1.0 401 Unauthorized");
header("location:index.php?id=error");
exit;
}

$db = mysql_connect('example.mysql','username','passsword') or die("Couldn't connect to the database.");
mysql_select_db('example') or die("Couldn't select the database");

if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
displayLogin();
} else {


$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = md5($PHP_AUTH_PW);

$result = mysql_query("SELECT count(*) FROM users WHERE password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or displayLogin();// or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);

if (!$num) {

displayLogin();
}
}
?>[/code]



Share this post


Link to post
Share on other sites
don't echo/print anything until all scripting has completed.

Share this post


Link to post
Share on other sites
Guest kilbad
I know, but how does one require authentication for only certain pages in the webpage wrapper when the header.php is the same for every page?  Is there some technique for calling the authentication code into the header when needed?

thanks for the help so far!

Brendan

Share this post


Link to post
Share on other sites
For every page that is restricted to authorised users only, you'll need to have a simple check that the user is logged in before displaying the page.

Share this post


Link to post
Share on other sites
Guest kilbad
let me try to restate the problem..

Every page on my website has the same header and footer code.  Only the unique "center" content changes from page to page.  The problem is this, I do not want to include the authentication script code (see above) in the header because then every page will be restricted to authorize users, when I only want a few pages to be restricted.  However, I cannot simply include the authentication script code in the few unique php files that code the few "center" contents I want restricted access to because then I get header errors due to the fact the the code is ending up in the center of the compiled script, not at the beginning..  here is a flow diagram of my problem::

code structure for any given page::
a.) header.php (same for all pages)
b.) Unique file (some_file.php) containing unique content
c.) footer.php (same for all pages)

Where amidst this structure do I include the authentication script code so that selected pages will be restricted, but not all?  Is there some coding technique that is used when the header and footer never change?

Thanks for the help..  sorry I am not articulating myself well.  Brendan
           

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.