Welcome to WebmasterWorld Guest from 54.242.72.36

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Header Authentication

doesnt work live

     

naiquevin

11:22 am on May 28, 2009 (gmt 0)

5+ Year Member



I am using Header authentication to enter the administrator page of my website..
While I developed and tested the site on localhost. it worked fine and still does..

But as I transfered all the files on my hosting provider, it tells me username and password wrong.. which I am sure cannot be wrong as it is in the script and I have access to it..

What might be the problem?

naiquevin

3:51 am on May 29, 2009 (gmt 0)

5+ Year Member



Ok ... I am using this code for authentication

<?php

// Username and Password for authorization

$username = 'somename';
$password = 'somepassword';

if(!isset($_SERVER['PHP_AUTH_USER']) !isset($_SERVER['PHP_AUTH_PW']) ($_SERVER['PHP_AUTH_USER'] != $username) ($_SERVER['PHP_AUTH_PW'] != $password)) {
// The username and password are incorrect and so send the authentication headers

header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate:Basic realm ="My website"');
exit('<div align="center"><h2> My website </h2> You must enter valid username and password to access this page.');

}

?>

jkovar

10:06 am on May 30, 2009 (gmt 0)

5+ Year Member



My guess is you're going from an Apache handler version of PHP on localhost, to an implementation of fastCGI on your live host that doesn't handle the PHP_AUTH_* variables the same.

I'm not sure how to fix it, but perhaps that will get you going in the right direction.

naiquevin

4:51 am on May 31, 2009 (gmt 0)

5+ Year Member



yes yes .... you are right. I was using XAMPP to test the site offline.
I dont have much knowledge of fastCGI , or even CGI for that matter

Any pointers?

enigma1

1:12 pm on Jun 11, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



right after the authorization headers dump the $_SERVER var and check the parameters it may help.

Although to avoid this kind of problem you could always setup the pw protection from your host's cpanel as this will protect the sub-folders too while the one you posted operates with the application script(s) only.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month