SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Addict
    Join Date
    Jan 2003
    Posts
    232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Angry http authentication problem

    Hi all,

    I having problem with this http authentication:

    <?php
    ############################ authentication here
    if(!isset($PHP_AUTH_USER))
    {
    Header("WWW-Authenticate: Basic realm=\"Banner-Administration\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "A username and password with administrative privileges are required for access to these pages.\n";
    exit;
    }
    else
    {
    if($PHP_AUTH_USER!='tt' || $PHP_AUTH_PW!='tt')
    {
    Header("WWW-Authenticate: Basic realm=\"Banner-Administration\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo "Invalid username or password.\n";
    exit;
    }
    }
    ############################ end authentication here
    echo "sucess";
    ?>

    I was using this to acces the admin page.

    Now after I moved to a new host, when I go to the admin page and give the user name and password it still goes back to dialog box asking to enter the user name and password.

    It it anything to do with the setting on the server.

    Well the same code worked on the other hosting server

    hope someone can help me with this.

  2. #2
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    More than likely, register globals is OFF

    Replace any instance of $PHP_AUTH_USER or $PHP_AUTH_PW with the appropriate variable in the superglobal $_SERVER, or just set them at the top of the script:

    PHP Code:
    $PHP_AUTH_USER $_SERVER['PHP_AUTH_USER'];
    $PHP_AUTH_PW $_SERVER['PHP_AUTH_PW'];

    //rest of script 
    My name is Steve, and I'm a super-villian.

  3. #3
    SitePoint Addict
    Join Date
    Jan 2003
    Posts
    232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    HI,

    I have added the script to the top of my script but still the same problem.

    you can check it here


    the username is tt and password is tt

    thanks
    Last edited by ezguy; Aug 25, 2003 at 23:58.

  4. #4
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Clearly your new host is running IIS -- were you on Apache, previously?

    It's possible IIS isn't configured to allow you to run basic authentication:

    Quote Originally Posted by Planet Source Code
    Also, make sure you turn off ALL IIS authentication options, including the default "Integrated Windows Authentication". Leave only Anonymous Access checked, or this will not work.
    See http://www.planet-source-code.com/vb...d=252&lngWId=8
    My name is Steve, and I'm a super-villian.

  5. #5
    SitePoint Addict
    Join Date
    Jan 2003
    Posts
    232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes I was on apache before .

    I put the same code there as planet-source but still it give the same problem. username test password 123

    The server software is Microsoft-IIS/5.0

    hope you can help

  6. #6
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ezguy
    Yes I was on apache before .

    I put the same code there as planet-source but still it give the same problem. username test password 123

    The server software is Microsoft-IIS/5.0

    hope you can help
    Actually I wasn't referring to the code, but rather to the header:

    Quote Originally Posted by PlanetSourceCode
    A simple way to provide Basic Authentication using PHP on Internet Information Server 4 or 5. IMPORTANT: Read the "assumes" section below before using. Tested on Windows 2000 with IIS 5 and PHP 4.0.2. Also, make sure you turn off ALL IIS authentication options, including the default "Integrated Windows Authentication". Leave only Anonymous Access checked, or this will not work.
    If you aren't the system admin, check with him to make sure the functionality is enabled.
    My name is Steve, and I'm a super-villian.

  7. #7
    SitePoint Addict
    Join Date
    Jan 2003
    Posts
    232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I checked with the admin. the admin says they don't support http protect for windows the support that only for linux.

    what to do then

  8. #8
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can still have good authentication -- simply design your own interface!

    Firstly, a login prompt:

    HTML Code:
    <form name="login" action="logincheck.php" method="post">
    Username: <input type="text" name="username" />
    Password: <input type="text" name="password" />
    </form>
    Then, a logincheck program:

    PHP Code:
    $username $_POST['username'];
    $password $_POST['password'];

    //Do some checking, either from database or hard-coded
    if ($username == $correct_username && $password == $correct_password) {
       
    session_start();
       
    $_SESSION['logged_in'] = true;
       
    $_SESSION['username'] = $username
    } else {
       
    //redirect to error page, or output here
       
    echo "Bad username / password!!!";

    And a login checker to see if the user is logged in:

    PHP Code:
    session_start();
    if (isset(
    $_SESSION['username']) && isset($_SESSION['logged_in'])) {
       echo 
    "You are logged in!!!";
    } else {
       echo 
    "You aren't!!! Scram!";

    And adapt as needed
    [/php]
    My name is Steve, and I'm a super-villian.

  9. #9
    SitePoint Addict
    Join Date
    Jan 2003
    Posts
    232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    HI lieut,

    Thanks for taking your time to write the code for me.

    thanks once again

  10. #10
    SitePoint Wizard dominique's Avatar
    Join Date
    Dec 2000
    Location
    orbis terrarum
    Posts
    1,523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lieut_data, I adapted your custom code but it doesn't seem to work for me. It doesn't seem to be storing the session variables for more than one page. How can I get it to keep the values for multiple pages?

    Thanks!

    The code as reference:
    PHP Code:
    <?php
      session_start
    (); 
      if (isset(
    $_SESSION['username']) && isset($_SESSION['logged_in'])) { 
         
    $auth true;
         if (
    $_GET['action'] == "logout") {
           
    $auth false;
           
    $_SESSION['logged_in'] = null
           
    $_SESSION['username'] = null;        
         }
      } else { 
         
    $auth false;
      } 
      if (!
    $auth && isset($_POST['action'])) {
        
    $username $_POST['username']; 
        
    $password $_POST['password']; 

        if (
    $username == "admin" && $password == "password") { 
          
    session_start(); 
          global 
    $username$password;
          
    $_SESSION['logged_in'] = true
          
    $_SESSION['username'] = $username
          
    $auth true;
        } 
      }

      if (!
    $auth) {
    ?>
    <p class="content_noindent" align="center">
      <form name="login" action="<?php echo $_SERVER['PHP_SELF'?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />
        <input type="submit" name="action" value="Login">
      </form>
    </p>
    <?php
      
    } else { 
        
    // Do something else.
      
    }
    ?>

  11. #11
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dominique
    lieut_data, I adapted your custom code but it doesn't seem to work for me. It doesn't seem to be storing the session variables for more than one page. How can I get it to keep the values for multiple pages?
    Do you mean the session generated by your login page doesn't stay constant throughout your site? Or do you mean you need individual logins for each page, and that currently the logins are colliding?
    My name is Steve, and I'm a super-villian.

  12. #12
    SitePoint Wizard dominique's Avatar
    Join Date
    Dec 2000
    Location
    orbis terrarum
    Posts
    1,523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lieut_data
    Do you mean the session generated by your login page doesn't stay constant throughout your site?
    Yes. For example, I can login and pull the session information after I log in (since the form calls the same page), but if I follow a link back to the very same page, i'm not logged in anymore.

    Supposed the code I gave is in index.php (and it contains the appropriate <html>... tags), this is what happens:
    1. Go to index.php -> Login form displayed
    2. Log in -> Login success displayed
    3. Follow link to index.php (back to same page) -> Login form displayed

    Also, if I go to another page that has the same session check it doesn't work, it also thinks that I'm not logged and the session info is empty.

  13. #13
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dominique
    Yes. For example, I can login and pull the session information after I log in (since the form calls the same page), but if I follow a link back to the very same page, i'm not logged in anymore.

    Supposed the code I gave is in index.php (and it contains the appropriate <html>... tags), this is what happens:
    1. Go to index.php -> Login form displayed
    2. Log in -> Login success displayed
    3. Follow link to index.php (back to same page) -> Login form displayed

    Also, if I go to another page that has the same session check it doesn't work, it also thinks that I'm not logged and the session info is empty.
    Sorry for the delay in responding, I just came across this thread after searching for a solution to another one...

    It's possible that your version of PHP is too old to support $_POST -- try replacing with $HTTP_POST_VARS (see php.net for further details)
    My name is Steve, and I'm a super-villian.

  14. #14
    SitePoint Wizard dominique's Avatar
    Join Date
    Dec 2000
    Location
    orbis terrarum
    Posts
    1,523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I finally figured it out. In php.ini
    session.save_path = "C:\WINDOWS\TEMP"
    was set to
    session.save_path = /tmp
    so PHP could not store its sessions on my Windows server.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •