PDA

Click to See Complete Forum and Search --> : Basic Hard Coded Authentication Error!

techwizz
Jul 17th, 2005, 07:24 PM
Hello vbforums,

I am having errors with basic php authentication.

In this example i have used hard coding for username and password.

I've done database & flat file authentication in the past, but i cant seem to see the error in this code.

In fact i've taken it straight from a book.

The code...

<?php
if (($_SERVER['PHP_AUTH_USER'] !='username') || ($_SERVER['PHP_AUTH_PW'] !='password'))

{

header('WWW-Authenticate: Basic Realm="Members Area"');
header('HTTP/1.0 401 Unauthorized');
echo('This is a members only area!');
die;

}

//Members stuff here

echo('You have reached the members area!');
?>

Maybe my php version is not up to date.

Any help would be appreciated!
:ehh:


:sick:
lintz
Jul 17th, 2005, 09:35 PM
What is the error you're getting?

Do you get access to your members zone or the message saying "'This is a members only area!'"?
visualAd
Jul 18th, 2005, 01:22 AM
Also remember that you only have access to the PHP_AUTH_USER and PHP_AUTH_PW variables if PHP is running as a module.
techwizz
Jul 18th, 2005, 07:45 PM
Yes the error is that it says "Members area only" so its not letting me authenticate with proper username and password.

What do you mean Visual.. only running as a module?

I know what a moule is.. but am confused. You mean like a php-nuke module .. something being called indirectly within the subset of another program?
visualAd
Jul 19th, 2005, 04:49 PM
When PHP runs as a module, it is started when the server process starts and each request to a PHP page runs as a thread which is part of the server process. As such PHP has access to all the request and envrionment variables the the server has access to.

When PHP runs as a CGI, each request to a PHP page causes the PHP interpreter to run as a separate process. The CGI sepcification does not require that information about HTTP authentication variables be passed to the CGI program, as HTTP authentication is something which is handled by the HTTP server.

If PHP is running as a CGI program then it is likely that you will not be able to see the HTTP authentication variables and hence be unable use it in your PHP program. You can see whether PHP is running as a module or CGI program by using the phpinfo() function and looking at the line which says Server API. If it says CGI then I'm afraid you will need to use a PHP based authentication system.