mlewitz Posted May 4, 2007 Share Posted May 4, 2007 I pulled this simple authentication script from Dreamweaver 8 and discovered it ONLY works with the php.ini file with register_globals=on. Apparently this creates a bit of a security hole and I've been trying to figure out how to modify it to use $_POST and $_SESSION so I can set back to register_globals=off. Any help to fix this would be a great help! I've seen one authentication script that uses an external .php file, but it generates a separate HTML login page to define the variables, and I prefer to use the login prompt as in this script here. I'm sure it can be done, but I've been struggling and searching for hours, and my .PHP is too weak to figure it out. Thanks in advance for any help or suggestions! Mike mailme2@57mgte.com Here is the script: <?php $username = "test"; $password = "123456"; function authenticate() { Header( "WWW-authenticate: basic realm=\"Protected\""); Header( "HTTP/1.0 401 Unauthorized"); echo "You must enter a valid login ID and password!"; exit; } function CheckPwd($user,$pass) { global $username,$password; return ($user != $username || $pass != $password) ? false : true; } if(!isset($PHP_AUTH_USER)) { authenticate(); } elseif(!CheckPwd($PHP_AUTH_USER,$PHP_AUTH_PW)) { authenticate(); } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.