Jump to content

Archived

This topic is now archived and is closed to further replies.

Phatsta

HTTP Auth with PHP, failing all the time...

Recommended Posts

Hi, I'm very new to PHP coding so I'm having trouble understanding all but the most logical stuff... hoping that maybe someone kind here would like to help :)

I've tried two different codes, but both of them act the same. When you enter user and pass, and even though it's correct (I've double and tripple checked) the lgon window still comes back until all three tries are over after which you're not authorized (of course). This would logically lead you to think there's a problem with the table in the database, and frankly I'm new to MySQL as well, but as far as I can tell there's no problem there. I've tried setting the fields as both pure text and as varchar, with the same content. Also, the field names are the exact ones that I tell the code to look for. So I can't really understand anything at all. Here are the codes:

Code 1:
[code]<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

    // Connect to MySQL

    mysql_connect( 'localhost', 'falloutdata_se', '***' )
        or die ( 'Unable to connect to server.' );

    // Select database on MySQL server

    mysql_select_db( 'falloutdata_se' )
        or die ( 'Unable to select database.' );

    // Formulate the query

    $sql = "SELECT * FROM userauth WHERE
            username = '{$_SERVER['PHP_AUTH_USER']}' AND
            password = '{$_SERVER['PHP_AUTH_PW']}'";

    // Execute the query and put results in $result

    $result = mysql_query( $sql )
        or die ( 'Unable to execute query.' );

    // Get number of rows in $result.

    $num = mysql_numrows( $result );

    if ( $num != 0 ) {

        // A matching row was found - the user is authenticated.

        $auth = true;

    }

}

if ( ! $auth ) {

    header( 'WWW-Authenticate: Basic realm="Falloutdata.se"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;

} else {

    echo '<P>You are authorized!</P>';
}

?> [/code]

Code 2:

[code]<?php
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        header("WWW-Authenticate: Basic realm=\"Private Area\"");
        header("HTTP/1.0 401 Unauthorized");
        print "Unauthorized user...";
        exit;
    } else {
        mysql_connect("localhost", "falloutdata_se", "***");
mysql_select_db("falloutdata_se");
$result = mysql_query("SELECT ID FROM userauth WHERE Username = '{$_SERVER['PHP_AUTH_USER']}' AND Password = '{$_SERVER['PHP_AUTH_PW']}';");
if (mysql_num_rows($result)) {

            print "Welcome to the private area!";
        } else {
            header("WWW-Authenticate: Basic realm=\"Private Area\"");
            header("HTTP/1.0 401 Unauthorized");
            print "Sorry - you need valid credentials to be granted access!\n";
            exit;
        }
    }
?> [/code]

You could try the codes for yourself if you like:
Code 1: http://www.falloutdata.se/test.php
Code 2: http://www.falloutdata.se/auth.php

Anyone see what's wrong?
Appreciate any help I can get, thanks!
/Daniel

Share this post


Link to post
Share on other sites
Just got the word from my web hotel:

[quote]PHP_AUTH_USER can't be used when PHP runs as CGI. Vi run PHP as CGI.[/quote]

Damn...

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.