Jump to content


Photo

HTTP Auth with PHP, failing all the time...


  • Please log in to reply
1 reply to this topic

#1 Phatsta

Phatsta
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 26 October 2006 - 08:25 AM

Hi, I'm very new to PHP coding so I'm having trouble understanding all but the most logical stuff... hoping that maybe someone kind here would like to help :)

I've tried two different codes, but both of them act the same. When you enter user and pass, and even though it's correct (I've double and tripple checked) the lgon window still comes back until all three tries are over after which you're not authorized (of course). This would logically lead you to think there's a problem with the table in the database, and frankly I'm new to MySQL as well, but as far as I can tell there's no problem there. I've tried setting the fields as both pure text and as varchar, with the same content. Also, the field names are the exact ones that I tell the code to look for. So I can't really understand anything at all. Here are the codes:

Code 1:
<?php 
 
$auth = false; // Assume user is not authenticated 
 
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) { 
 
    // Connect to MySQL 
 
    mysql_connect( 'localhost', 'falloutdata_se', '***' ) 
        or die ( 'Unable to connect to server.' ); 
 
    // Select database on MySQL server 
 
    mysql_select_db( 'falloutdata_se' ) 
        or die ( 'Unable to select database.' ); 
 
    // Formulate the query 
 
    $sql = "SELECT * FROM userauth WHERE 
            username = '{$_SERVER['PHP_AUTH_USER']}' AND 
            password = '{$_SERVER['PHP_AUTH_PW']}'"; 
 
    // Execute the query and put results in $result 
 
    $result = mysql_query( $sql ) 
        or die ( 'Unable to execute query.' ); 
 
    // Get number of rows in $result. 
 
    $num = mysql_numrows( $result ); 
 
    if ( $num != 0 ) { 
 
        // A matching row was found - the user is authenticated. 
 
        $auth = true; 
 
    } 
 
} 
 
if ( ! $auth ) { 
 
    header( 'WWW-Authenticate: Basic realm="Falloutdata.se"' ); 
    header( 'HTTP/1.0 401 Unauthorized' ); 
    echo 'Authorization Required.'; 
    exit; 
 
} else { 
 
    echo '<P>You are authorized!</P>'; 
} 
 
?>

Code 2:

<?php
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header("WWW-Authenticate: Basic realm=\"Private Area\"");
        header("HTTP/1.0 401 Unauthorized");
        print "Unauthorized user...";
        exit;
    } else {
        mysql_connect("localhost", "falloutdata_se", "***");
		mysql_select_db("falloutdata_se");
		$result = mysql_query("SELECT ID FROM userauth WHERE Username = '{$_SERVER['PHP_AUTH_USER']}' AND Password = '{$_SERVER['PHP_AUTH_PW']}';");
		if (mysql_num_rows($result)) { 

            print "Welcome to the private area!";
        } else {
            header("WWW-Authenticate: Basic realm=\"Private Area\"");
            header("HTTP/1.0 401 Unauthorized");
            print "Sorry - you need valid credentials to be granted access!\n";
            exit;
        }
    }
?>

You could try the codes for yourself if you like:
Code 1: http://www.falloutdata.se/test.php
Code 2: http://www.falloutdata.se/auth.php

Anyone see what's wrong?
Appreciate any help I can get, thanks!
/Daniel

#2 Phatsta

Phatsta
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 26 October 2006 - 07:47 PM

Just got the word from my web hotel:

PHP_AUTH_USER can't be used when PHP runs as CGI. Vi run PHP as CGI.


Damn...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users