Welcome to WebmasterWorld Guest from

Forum Moderators: mack

Message Too Old, No Replies

Header Authentication

doesnt work live

11:22 am on May 28, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 2, 2009
votes: 0

I am using Header authentication to enter the administrator page of my website..
While I developed and tested the site on localhost. it worked fine and still does..

But as I transfered all the files on my hosting provider, it tells me username and password wrong.. which I am sure cannot be wrong as it is in the script and I have access to it..

What might be the problem?

3:51 am on May 29, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 2, 2009
votes: 0

Ok ... I am using this code for authentication


// Username and Password for authorization

$username = 'somename';
$password = 'somepassword';

if(!isset($_SERVER['PHP_AUTH_USER']) !isset($_SERVER['PHP_AUTH_PW']) ($_SERVER['PHP_AUTH_USER'] != $username) ($_SERVER['PHP_AUTH_PW'] != $password)) {
// The username and password are incorrect and so send the authentication headers

header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate:Basic realm ="My website"');
exit('<div align="center"><h2> My website </h2> You must enter valid username and password to access this page.');



10:06 am on May 30, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 3, 2008
votes: 0

My guess is you're going from an Apache handler version of PHP on localhost, to an implementation of fastCGI on your live host that doesn't handle the PHP_AUTH_* variables the same.

I'm not sure how to fix it, but perhaps that will get you going in the right direction.

4:51 am on May 31, 2009 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 2, 2009
votes: 0

yes yes .... you are right. I was using XAMPP to test the site offline.
I dont have much knowledge of fastCGI , or even CGI for that matter

Any pointers?

1:12 pm on June 11, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 30, 2007
votes: 0

right after the authorization headers dump the $_SERVER var and check the parameters it may help.

Although to avoid this kind of problem you could always setup the pw protection from your host's cpanel as this will protect the sub-folders too while the one you posted operates with the application script(s) only.


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members