Simple Dreamweaver Script- Enhanced Security Changes?

[mlewitz]

I pulled this simple authentication script from Dreamweaver 8 and discovered it ONLY works with the php.ini file with register_globals=on.

 

Apparently this creates a bit of a security hole and I've been trying to figure out how to modify it to use $_POST and $_SESSION so I can set back to register_globals=off.

 

Any help to fix this would be a great help!

 

I've seen one authentication script that uses an external .php file, but it generates a separate HTML login page to define the variables, and I prefer to use the login prompt as in this script here.  I'm sure it can be done, but I've been struggling and searching for hours, and my .PHP is too weak to figure it out.

 

Thanks in advance for any help or suggestions!

Mike

[email protected]

 

 

Here is the script:

 

<?php

$username =  "test";

$password =  "123456";

 

function authenticate() {

  Header( "WWW-authenticate: basic realm=\"Protected\"");

  Header( "HTTP/1.0 401 Unauthorized");

  echo  "You must enter a valid login ID and password!";

  exit;

}

 

function CheckPwd($user,$pass) {

  global $username,$password;

  return ($user != $username || $pass != $password) ? false : true;

}

 

if(!isset($PHP_AUTH_USER)) {

  authenticate();

}

elseif(!CheckPwd($PHP_AUTH_USER,$PHP_AUTH_PW)) {

  authenticate();

}

?>