functioning HTTP Authentication

**Technosailor** · May 18, 2003 14:49

Anybody have a code snippet of working HTTP authentication. I have tried Kevin's from this article and many other different approaches from across the internet and they all have the same result. Either they keep everyone out or let everyone in. This is my latest incarnation that does not work.

PHP Code:


<?php

// adminfunctions.php



// Database Connection Function

function dbcnx()

    {

    $cnx=mysql_connect("localhost","****","****");

    mysql_select_db('****',$cnx);

    }



// User Authentication

function auth($user,md5($pass)) 

    {

    dbcnx();

    $sql=mysql_query("SELECT * FROM authusers WHERE user = '$user' AND password = '$pass'");

    $count = mysql_num_rows($sql);

    if($count>0)

        {

        $result = 1;

        }

    else

        {

        $result = 0;

        }

    return $result;

    }



?>





<?php

//index.php



ERROR_REPORTING(E_ALL);

include('adminfunctions.php');

dbcnx();

if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {

// If username or password hasn't been set, display the login request.

auth();

} else {

// Escape both the password and username string to prevent users from inserting bogus data.

$username = addslashes($_SERVER['PHP_AUTH_USER']);

$pass = md5($_SERVER['PHP_AUTH_PW']);



// Check username and password agains the database.

$sql = "SELECT count(*) FROM authusers WHERE password='$pass' AND user='$username'";

exit($sql);

$result = mysql_query() or die(auth());

$num = mysql_result($result, 0);



if (!$num) {

// If there were no matching users, show the login

auth();

}

}



// All code/html below will only be displayed to authenticated users.



echo "Congratulations! You're now authenticated.";

?>

**anode** · May 18, 2003 14:55

http://www.php.net/manual/en/features.http-auth.php

PHP Code:


<?php

  if (!isset($_SERVER['PHP_AUTH_USER'])) {

    header('WWW-Authenticate: Basic realm="My Realm"');

    header('HTTP/1.0 401 Unauthorized');

    echo 'Text to send if user hits Cancel button';

    exit;

  } else {

    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";

    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";

  }

?>

**Cam** · May 18, 2003 23:26

Yeah, I've used that to get a HTTP Authentication to work.

PHP Code:


<?php



if ( !(isset($_SERVER['PHP_AUTH_USER'])) )

{

    header('WWW-Authenticate: Basic realm="Authentication Required"');

    header('HTTP/1.0 401 Unauthorized');

    echo 'Invalid Login information!';

    exit;

}

else

{

    $user = ( isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '' );

    $passwd = ( isset($_SERVER['PHP_AUTH_PW']) ? md5($_SERVER['PHP_AUTH_PW']) : '' );

    

    $sql = "SELECT username

            FROM cs_admins

            WHERE username='$user'

                AND password='$passwd'" ;

    $rs = $db->Execute($sql);

    if ( !($rs->FetchRow()) )

    {

        header('WWW-Authenticate: Basic realm="Authentication Required"');

        header('HTTP/1.0 401 Unauthorized');

        echo 'Invalid Login information!';

        exit;

    }

}



?>

That worked for me

**Technosailor** · May 24, 2003 17:42

that works! Thanks.

User Tag List

Thread: functioning HTTP Authentication

Thread Tools

Display

functioning HTTP Authentication

Bookmarks

Bookmarks

Posting Permissions