Welcome to WebmasterWorld Guest from 54.144.7.239

Forum Moderators: mack

Message Too Old, No Replies

Header Authentication

doesnt work live

     
11:22 am on May 28, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 2, 2009
posts:79
votes: 0


I am using Header authentication to enter the administrator page of my website..
While I developed and tested the site on localhost. it worked fine and still does..

But as I transfered all the files on my hosting provider, it tells me username and password wrong.. which I am sure cannot be wrong as it is in the script and I have access to it..

What might be the problem?

3:51 am on May 29, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 2, 2009
posts:79
votes: 0


Ok ... I am using this code for authentication

<?php

// Username and Password for authorization

$username = 'somename';
$password = 'somepassword';

if(!isset($_SERVER['PHP_AUTH_USER']) !isset($_SERVER['PHP_AUTH_PW']) ($_SERVER['PHP_AUTH_USER'] != $username) ($_SERVER['PHP_AUTH_PW'] != $password)) {
// The username and password are incorrect and so send the authentication headers

header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate:Basic realm ="My website"');
exit('<div align="center"><h2> My website </h2> You must enter valid username and password to access this page.');

}

?>

10:06 am on May 30, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 3, 2008
posts:96
votes: 0


My guess is you're going from an Apache handler version of PHP on localhost, to an implementation of fastCGI on your live host that doesn't handle the PHP_AUTH_* variables the same.

I'm not sure how to fix it, but perhaps that will get you going in the right direction.

4:51 am on May 31, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 2, 2009
posts:79
votes: 0


yes yes .... you are right. I was using XAMPP to test the site offline.
I dont have much knowledge of fastCGI , or even CGI for that matter

Any pointers?

1:12 pm on June 11, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Apr 30, 2007
posts:1394
votes: 0


right after the authorization headers dump the $_SERVER var and check the parameters it may help.

Although to avoid this kind of problem you could always setup the pw protection from your host's cpanel as this will protect the sub-folders too while the one you posted operates with the application script(s) only.