  1. #1
    SitePoint Addict s|k's Avatar
    Join Date
    Apr 2002
    Location
    Hilo, Hawai'i
    Posts
    266
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    $PHP_AUTH_USER doesn't make any sense to me

    Okay, I have a script out of a book that uses this function:

    PHP Code:
    function login_form() {
        global $PHP_SELF;
    ?>
    <HTML>
    <HEAD>
    <TITLE>Login</TITLE>
    </HEAD>
    <BODY>
    <FORM METHOD="POST" ACTION="<? echo $PHP_SELF ?>">
        <DIV ALIGN="CENTER"><CENTER>
            <H3>Please log in to access the page you requested.</H3>
        <TABLE BORDER="1" WIDTH="200" CELLPADDING="2">
            <TR>
                <TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>ID</TH>
                <TD WIDTH="82%" NOWRAP>
                    <INPUT TYPE="TEXT" NAME="userid" SIZE="8">
                </TD>
            </TR>
            <TR>
                <TH WIDTH="18%" ALIGN="RIGHT" NOWRAP>Password</TH>
                <TD WIDTH="82%" NOWRAP>
                    <INPUT TYPE="PASSWORD" NAME="userpassword" SIZE="8">
                </TD>
            </TR>
            <TR>
                <TD WIDTH="100%" COLSPAN="2" ALIGN="CENTER" NOWRAP>
                    <INPUT TYPE="SUBMIT" VALUE="LOGIN" NAME="Submit">
                </TD>
            </TR>
        </TABLE>
        </CENTER></DIV>
    </FORM>
    </BODY>
    </HTML>
    <?
    }
    and then it checks the database this way while logging user access:

    PHP Code:
    $query = "SELECT userid FROM $access_log_tablename
              WHERE page = '$PHP_SELF'
              AND userid = '$userid'";
    $result = mysql_query($query);

    if (!mysql_num_rows($result))
        $query = "INSERT INTO $access_log_tablename
                  VALUES ('$PHP_SELF', '$PHP_AUTH_USER', 1, NULL)";
    else
        $query = "UPDATE $access_log_tablename
                  SET visitcount = visitcount + 1, accessdate = NULL
                  WHERE page = '$PHP_SELF' AND userid = '$userid'";

    mysql_query($query);

    What I don't understand is how $PHP_AUTH_USER was ever given a value.

    I RTFM and what I looked at was these two links:
    http://www.php.net/manual/en/features.http-auth.php
    http://www.php.net/manual/en/reserved.variables.php

    and I just can't seem to comprehend what is going on. I think I may be deficient in my HTTP knowledge. Someone else at the bottom of the second link noticed that this variable wasn't even listed:
    moc tod balrednel ta mot
    09-Apr-2002 01:24

    Not listed here is $_SERVER["PHP_AUTH_USER"] or
    $_SERVER["PHP_AUTH_PW"]
    These are set only when .htaccess requires a password, and are set to the
    username and password used. Anybody's opinion on the security of these?
    If anyone knows where I could find out the answer to my problem or maybe hint me into the right direction I would be grateful.
    Last edited by s|k; May 4, 2002 at 17:40.

  2. #2
    SitePoint Addict s|k's Avatar
    I think I've found out part of my answer here:

    http://httpd.apache.org/docs/howto/auth.html#access
    In Apache's online documentation, but since I never configured my Apache to do this, and since I only used a basic PHP script to check for authenticity, how did this $PHP_AUTH_USER ever get a value? It seems to me that you only get a value here if you had to enter in a Password and ID using Apache's built-in identification system. In a graphical browser like IE and Netscape, a popup box would appear, but this isn't what I'm doing.

  3. #3
    SitePoint Addict s|k's Avatar
    okay, it doesn't have a value, the book is wrong, the wrox online documentation is wrong, I'm submitting an errata :P

  4. #4
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    s|k,

    don't blame other people if you can't understand it

    seriously though, this is the php code that pops up that authentication box. give it a whirl. once the user fills it in, the variables will contain the entered information:

    PHP Code:
    // With register_globals on, the same values are also visible as
    // $PHP_AUTH_USER and $PHP_AUTH_PW.
    if (!isset($_SERVER["PHP_AUTH_USER"])) {
        // If empty, send header causing dialog box to appear
        header('WWW-Authenticate: Basic realm="Hey, you need to log in"');
        header('HTTP/1.0 401 Unauthorized');
        exit;
    } else {
        print("Username: ".$_SERVER["PHP_AUTH_USER"]." | Password: ".$_SERVER["PHP_AUTH_PW"]);
    }

    btw, as far as i know these variables WON'T contain anything if you use the standard apache .htaccess-style authentication...it needs to be done from php like above.
    Last edited by redux; May 5, 2002 at 06:01.
    re·dux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com
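
What sits behind the two variables in the snippet above, as an added example (not code from the thread, the book or PHP itself): after the 401 challenge the browser resends the request with an `Authorization: Basic` header, and the username and password are the two halves of its base64-decoded value. `parse_basic_auth()` and the sample header values are constructed for illustration.

```php
<?php
// Added example: decode an "Authorization: Basic" header the way the values
// behind PHP_AUTH_USER / PHP_AUTH_PW are obtained.
// parse_basic_auth() is a hypothetical helper, not a PHP built-in.
function parse_basic_auth(?string $header): ?array
{
    // A plain HTML form POST carries no Authorization header at all.
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode(trim(substr($header, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only: the password may itself contain colons.
    [$user, $pass] = explode(':', $decoded, 2);
    return ['PHP_AUTH_USER' => $user, 'PHP_AUTH_PW' => $pass];
}

// Constructed sample requests (not captured traffic).
$samples = [
    'form POST, no header' => null,
    'after the 401 dialog' => 'Basic ' . base64_encode('sk:pa:ss'),
    'different scheme'     => 'Bearer abc',
    'malformed base64'     => 'Basic !!!',
];

foreach ($samples as $label => $header) {
    $auth = parse_basic_auth($header);
    echo str_pad($label, 24), $auth === null
        ? "PHP_AUTH_USER not set\n"
        : "PHP_AUTH_USER={$auth['PHP_AUTH_USER']}\n";
}
```

The first sample is the situation in the book's script: a form that posts `userid` and `userpassword` never produces this header, so there is nothing to decode.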

  5. #5
    SitePoint Addict s|k's Avatar
    thanx! I'll try it out. But what I was saying about the book being wrong was that it never supplied the code for a pop-up box or anything, it just had a standard <input type="password" name="password">. I understand $PHP_AUTH_USER now, moderately anyhow, and it should have never been in that code in the book. I'm still reading up on this. Very interesting.
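
The logging step from the first post with the form's `userid` used in every statement, as the post above concludes, and with values bound as parameters instead of interpolated into the SQL. This is an added example, not the book's code or any poster's; the table name `access_log`, the function `log_access()`, the column list (inferred from the queries in the first post) and the in-memory SQLite demo are assumptions.

```php
<?php
// Added example: access logging keyed on one identifier, with bound parameters.
// Table and column names are assumptions inferred from the first post's queries.
function log_access(PDO $db, string $page, string $userid): int
{
    $db->beginTransaction();
    // Try the UPDATE first; no matching row means this is the first visit.
    $upd = $db->prepare(
        'UPDATE access_log
            SET visitcount = visitcount + 1, accessdate = CURRENT_TIMESTAMP
          WHERE page = ? AND userid = ?'
    );
    $upd->execute([$page, $userid]);
    if ($upd->rowCount() === 0) {
        // Same $userid as the lookup, not a second, possibly unset variable.
        $ins = $db->prepare(
            'INSERT INTO access_log (page, userid, visitcount, accessdate)
             VALUES (?, ?, 1, CURRENT_TIMESTAMP)'
        );
        $ins->execute([$page, $userid]);
    }
    $sel = $db->prepare(
        'SELECT visitcount FROM access_log WHERE page = ? AND userid = ?'
    );
    $sel->execute([$page, $userid]);
    $count = (int) $sel->fetchColumn();
    $db->commit();
    return $count;
}

// Demo on an in-memory SQLite database (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE access_log (
        page TEXT, userid TEXT, visitcount INTEGER, accessdate TEXT,
        PRIMARY KEY (page, userid))'
);

// Constructed inputs; the second userid contains a quote character, which
// would break the string-built queries but is stored verbatim here.
echo log_access($db, '/members.php', 'sk'), "\n";      // first visit
echo log_access($db, '/members.php', 'sk'), "\n";      // repeat visit
echo log_access($db, '/members.php', "o'neil"), "\n";  // quote in userid
echo $db->query('SELECT COUNT(*) FROM access_log')->fetchColumn(), "\n";
```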

  6. #6
    gingham dress, army boots... silver trophy redux's Avatar
    s|k, my comment was meant in good spirit and i hope you understood it that way
    indeed, if the code for the actual popup wasn't included, this IS a grave omission...

  7. #7
    SitePoint Addict s|k's Avatar
    hehe

