Jump to content

Recommended Posts

I pulled this simple authentication script from Dreamweaver 8 and discovered it ONLY works with the php.ini file with register_globals=on.

 

Apparently this creates a bit of a security hole and I've been trying to figure out how to modify it to use $_POST and $_SESSION so I can set back to register_globals=off.

 

Any help to fix this would be a great help!

 

I've seen one authentication script that uses an external .php file, but it generates a separate HTML login page to define the variables, and I prefer to use the login prompt as in this script here.  I'm sure it can be done, but I've been struggling and searching for hours, and my .PHP is too weak to figure it out.

 

Thanks in advance for any help or suggestions!

Mike

mailme2@57mgte.com

 

 

Here is the script:

 

<?php

$username =  "test";

$password =  "123456";

 

function authenticate() {

  Header( "WWW-authenticate: basic realm=\"Protected\"");

  Header( "HTTP/1.0 401 Unauthorized");

  echo  "You must enter a valid login ID and password!";

  exit;

}

 

function CheckPwd($user,$pass) {

  global $username,$password;

  return ($user != $username || $pass != $password) ? false : true;

}

 

if(!isset($PHP_AUTH_USER)) {

  authenticate();

}

elseif(!CheckPwd($PHP_AUTH_USER,$PHP_AUTH_PW)) {

  authenticate();

}

?>

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.