PHP user authorization

Forum Moderators: coopster

Message Too Old, No Replies

PHP user authorization

php

Sfar512

4:32 am on Jan 28, 2003 (gmt 0)

ok...i have this following script...and i always get unauthorized user even if i enter the corect username and password

<?php

$LOGIN = "User";
$PASSWORD = "password";

function error ($error_message) {
echo $error_message."<BR>";
exit;
}

if ( (!isset($PHP_AUTH_USER)) ŚŚ! (($PHP_AUTH_USER == $LOGIN) && ( $PHP_AUTH_PW == "$PASSWORD" )) ) {
header("WWW-Authenticate: Basic entrer=\"Form2txt admin\"");
header("HTTP/1.0 401 Unauthorized");
error("Unauthorized access...");
}
?>

webpage code

can anyone help me fix it?

transistor

5:20 am on Jan 28, 2003 (gmt 0)

Hey Sfar512,
according to the PHP manual [php.net] you should use:

$_SERVER["PHP_AUTH_USER"]

with more recent versions of PHP, I can't remember which one right now.
Anyway, you should try it.

andreasfriedrich

5:29 am on Jan 28, 2003 (gmt 0)

Welcome to WebmasterWorld [webmasterworld.com] Sfar512.

Be sure to read Marcia`s WebmasterWorld Welcome and Guide to the Basics [webmasterworld.com] post.

You should indeed use the superglobal $_SERVER when accessing the username and password.

Basic HTTP Authentication [faqs.org] is done according to RFC2617. There is no authentication parameter entrer defined in RFC2617. Instead the basic authentication scheme requires the realm parameter. If you use that your script should work.

Andreas