SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    functioning HTTP Authentication

    Anybody have a code snippet of working HTTP authentication. I have tried Kevin's from this article and many other different approaches from across the internet and they all have the same result. Either they keep everyone out or let everyone in. This is my latest incarnation that does not work.
    PHP Code:
    <?php
    // adminfunctions.php

    // Database Connection Function
    function dbcnx()
        {
        
    $cnx=mysql_connect("localhost","****","****");
        
    mysql_select_db('****',$cnx);
        }

    // User Authentication
    function auth($user,md5($pass)) 
        {
        
    dbcnx();
        
    $sql=mysql_query("SELECT * FROM authusers WHERE user = '$user' AND password = '$pass'");
        
    $count mysql_num_rows($sql);
        if(
    $count>0)
            {
            
    $result 1;
            }
        else
            {
            
    $result 0;
            }
        return 
    $result;
        }

    ?>


    <?php
    //index.php

    ERROR_REPORTING(E_ALL);
    include(
    'adminfunctions.php');
    dbcnx();
    if (!isset(
    $_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    // If username or password hasn't been set, display the login request.
    auth();
    } else {
    // Escape both the password and username string to prevent users from inserting bogus data.
    $username addslashes($_SERVER['PHP_AUTH_USER']);
    $pass md5($_SERVER['PHP_AUTH_PW']);

    // Check username and password agains the database.
    $sql "SELECT count(*) FROM authusers WHERE password='$pass' AND user='$username'";
    exit(
    $sql);
    $result mysql_query() or die(auth());
    $num mysql_result($result0);

    if (!
    $num) {
    // If there were no matching users, show the login
    auth();
    }
    }

    // All code/html below will only be displayed to authenticated users.

    echo "Congratulations! You're now authenticated.";
    ?>
    Aaron Brazell
    Technosailor



  2. #2
    Sidewalking anode's Avatar
    Join Date
    Mar 2001
    Location
    Philadelphia, US
    Posts
    2,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://www.php.net/manual/en/features.http-auth.php
    PHP Code:
    <?php
      
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        
    header('WWW-Authenticate: Basic realm="My Realm"');
        
    header('HTTP/1.0 401 Unauthorized');
        echo 
    'Text to send if user hits Cancel button';
        exit;
      } else {
        echo 
    "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
        echo 
    "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
      }
    ?>
    TuitionFree a free library for the self-taught
    Anode Says... Blogging For Your Pleasure

  3. #3
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Yeah, I've used that to get a HTTP Authentication to work.
    PHP Code:
    <?php

    if ( !(isset($_SERVER['PHP_AUTH_USER'])) )
    {
        
    header('WWW-Authenticate: Basic realm="Authentication Required"');
        
    header('HTTP/1.0 401 Unauthorized');
        echo 
    'Invalid Login information!';
        exit;
    }
    else
    {
        
    $user = ( isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '' );
        
    $passwd = ( isset($_SERVER['PHP_AUTH_PW']) ? md5($_SERVER['PHP_AUTH_PW']) : '' );
        
        
    $sql "SELECT username
                FROM cs_admins
                WHERE username='
    $user'
                    AND password='
    $passwd'" ;
        
    $rs $db->Execute($sql);
        if ( !(
    $rs->FetchRow()) )
        {
            
    header('WWW-Authenticate: Basic realm="Authentication Required"');
            
    header('HTTP/1.0 401 Unauthorized');
            echo 
    'Invalid Login information!';
            exit;
        }
    }

    ?>
    That worked for me

  4. #4
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    that works! Thanks.
    Aaron Brazell
    Technosailor




Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •