Jump to content

Problems with php authentication w/ pages called with php variable passing


Guest kilbad

Recommended Posts

Guest kilbad
So I have created a working authentication script (which I have included below) which works when I call that particular script directly (for example:: http://www.test.com/example_script.php).  However, if I call it using my index file (see below) with a passed variable (for example:: http://www.test.com/index.php?id=example_script), I get "Cannot modify header information."  WAIT!  I know it's a big no-no to post threads about this type of error, but here is my real question::  Will someone tell me what the best technique is for using php authentication with files included in a webpage wrapper as I have done?  Basically, I want to successfully require a username/password for access to a few of my webapages that appear in my webpage wrapper.

Thanks in advance for the help!!  brendan

index.php::
[code]<?php

$id = $_GET['id'];


if ($id == "")

{
include 'header.php';
include 'frontpage.php';
include 'footer.php';
}

else

{
if (file_exists("$id.php")) {
 
include 'header.php';
include "$id.php";
include 'footer.php';

} else {

include 'header.php';
include 'error.php';
include 'footer.php';

}
}


?> [/code]


authentication script::
[code]<?php
$PHP_AUTH_USER=$_SERVER["PHP_AUTH_USER"];
$PHP_AUTH_PW=$_SERVER["PHP_AUTH_PW"];

function displayLogin() {
header("WWW-Authenticate: Basic realm=\"My Website\"");
header("HTTP/1.0 401 Unauthorized");
header("location:index.php?id=error");
exit;
}

$db = mysql_connect('example.mysql','username','passsword') or die("Couldn't connect to the database.");
mysql_select_db('example') or die("Couldn't select the database");

if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW)) {
displayLogin();
} else {


$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = md5($PHP_AUTH_PW);

$result = mysql_query("SELECT count(*) FROM users WHERE password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or displayLogin();// or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);

if (!$num) {

displayLogin();
}
}
?>[/code]



Link to comment
Share on other sites

Guest kilbad
I know, but how does one require authentication for only certain pages in the webpage wrapper when the header.php is the same for every page?  Is there some technique for calling the authentication code into the header when needed?

thanks for the help so far!

Brendan
Link to comment
Share on other sites

Guest kilbad
let me try to restate the problem..

Every page on my website has the same header and footer code.  Only the unique "center" content changes from page to page.  The problem is this, I do not want to include the authentication script code (see above) in the header because then every page will be restricted to authorize users, when I only want a few pages to be restricted.  However, I cannot simply include the authentication script code in the few unique php files that code the few "center" contents I want restricted access to because then I get header errors due to the fact the the code is ending up in the center of the compiled script, not at the beginning..  here is a flow diagram of my problem::

code structure for any given page::
a.) header.php (same for all pages)
b.) Unique file (some_file.php) containing unique content
c.) footer.php (same for all pages)

Where amidst this structure do I include the authentication script code so that selected pages will be restricted, but not all?  Is there some coding technique that is used when the header and footer never change?

Thanks for the help..  sorry I am not articulating myself well.  Brendan
           
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.