Jump to content

HTTP Auth with PHP, failing all the time...


Phatsta

Recommended Posts

Hi, I'm very new to PHP coding so I'm having trouble understanding all but the most logical stuff... hoping that maybe someone kind here would like to help :)

I've tried two different codes, but both of them act the same. When you enter user and pass, and even though it's correct (I've double and tripple checked) the lgon window still comes back until all three tries are over after which you're not authorized (of course). This would logically lead you to think there's a problem with the table in the database, and frankly I'm new to MySQL as well, but as far as I can tell there's no problem there. I've tried setting the fields as both pure text and as varchar, with the same content. Also, the field names are the exact ones that I tell the code to look for. So I can't really understand anything at all. Here are the codes:

Code 1:
[code]<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

    // Connect to MySQL

    mysql_connect( 'localhost', 'falloutdata_se', '***' )
        or die ( 'Unable to connect to server.' );

    // Select database on MySQL server

    mysql_select_db( 'falloutdata_se' )
        or die ( 'Unable to select database.' );

    // Formulate the query

    $sql = "SELECT * FROM userauth WHERE
            username = '{$_SERVER['PHP_AUTH_USER']}' AND
            password = '{$_SERVER['PHP_AUTH_PW']}'";

    // Execute the query and put results in $result

    $result = mysql_query( $sql )
        or die ( 'Unable to execute query.' );

    // Get number of rows in $result.

    $num = mysql_numrows( $result );

    if ( $num != 0 ) {

        // A matching row was found - the user is authenticated.

        $auth = true;

    }

}

if ( ! $auth ) {

    header( 'WWW-Authenticate: Basic realm="Falloutdata.se"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;

} else {

    echo '<P>You are authorized!</P>';
}

?> [/code]

Code 2:

[code]<?php
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header("WWW-Authenticate: Basic realm=\"Private Area\"");
        header("HTTP/1.0 401 Unauthorized");
        print "Unauthorized user...";
        exit;
    } else {
        mysql_connect("localhost", "falloutdata_se", "***");
mysql_select_db("falloutdata_se");
$result = mysql_query("SELECT ID FROM userauth WHERE Username = '{$_SERVER['PHP_AUTH_USER']}' AND Password = '{$_SERVER['PHP_AUTH_PW']}';");
if (mysql_num_rows($result)) {

            print "Welcome to the private area!";
        } else {
            header("WWW-Authenticate: Basic realm=\"Private Area\"");
            header("HTTP/1.0 401 Unauthorized");
            print "Sorry - you need valid credentials to be granted access!\n";
            exit;
        }
    }
?> [/code]

You could try the codes for yourself if you like:
Code 1: http://www.falloutdata.se/test.php
Code 2: http://www.falloutdata.se/auth.php

Anyone see what's wrong?
Appreciate any help I can get, thanks!
/Daniel
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.