Password-Protecting a Page

Just One Page within a Site

         

galileo5

3:05 am on Aug 2, 2006 (gmt 0)

10+ Year Member



I would be the only one who would have access to a web-form to update my entire site.

Considering the importance of this one page, I obviously want to password-protect it so no one can have access to it.

I discovered this code on another site, but when I implement it, it won't take the username and password I programmed it to take:

<?php

if ( (!isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW))
|| ( $PHP_AUTH_USER!= 'user' ) || ( $PHP_AUTH_PW!= 'open' ) ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

echo 'Success!';

}
?>

Where "user" and "open" are, I would replace with what I want my username and password to be, but it's not working. The dialogue box pops up for entry, but after I enter what's supposed to be the right info, it responds as if I should try again.

Any advice? Thanks.

dreamcatcher

6:47 am on Aug 2, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi galileo5,

Probably a register globals [uk.php.net] issue. Try using $_SERVER['PHP_AUTH_USER'] & $_SERVER['PHP_AUTH_PW'] instead.

dc

galileo5

1:30 am on Aug 4, 2006 (gmt 0)

10+ Year Member



Hi, dreamcatcher.

I should have pointed out that I'm new to PHP. Is this how my coding should be?


<?php

if ( (!isset( $_SERVER['PHP_AUTH_USER'] )) || (!isset($_SERVER['PHP_AUTH_PW']))
|| ( $_SERVER['PHP_AUTH_USER']!= 'user' ) || ( $_SERVER['PHP_AUTH_PW']!= 'open' ) ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

echo 'Success!';

}
?>

If this is correct, it still won't recognize my entries.

What am I doing wrong?

Thanks for the help!

dreamcatcher

10:44 am on Aug 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



galileo5,

I just tried that code on my local server and it worked fine.

dc

whoisgregg

4:30 pm on Aug 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PHP_AUTH_USER and PHP_AUTH_PW are filled when the page/directory is being accessed with Apache access controls. Have you set up Apache to password protect the page/directory [webmasterworld.com]?

Added: Also, try echo'ing $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to see what they contain. :)

galileo5

3:56 am on Aug 5, 2006 (gmt 0)

10+ Year Member



Aside from installing Apache, is there any other method of password-protecting that one page?

Perhaps something simpler, maybe not using PHP_AUTH_USER and PHP_AUTH_PW at all?

Thanks again.

henry0

10:09 pm on Aug 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, if you are allowed to use/edit ".htaccess" and ".htpasswd" files.

search for .htpasswd and .htaccess

galileo5

2:01 am on Aug 6, 2006 (gmt 0)

10+ Year Member



henry0,

Thanks for the suggestion, but don't you need Unix for that?

I read that I could also use my database to store user/pass, so I'll go with that since that is what I've been working with all along; but I'm still having problems, which is frustrating since I thought authenticating with a database would be a piece of cake.

"my_dbtest" is the name of my database. "News" is the name of my table. I have "user" and "pass" as my columns. Let's say my user name is "xyz" and my pass is "abc." Here's my code:


<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

// Connect to MySQL

mysql_connect( 'mysql', '***', '***' )
or die ( 'Unable to connect to server.' );

// Select database on MySQL server

mysql_select_db( 'my_dbtest' )
or die ( 'Unable to select database.' );

// Formulate the query

$sql = "SELECT * FROM news WHERE
user = '$PHP_AUTH_USER' AND
pass = '$PHP_AUTH_PW'";

// Execute the query and put results in $result

$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );

// Get number of rows in $result.

$num = mysql_numrows( $result );

if ( $num!= 0 ) {

// A matching row was found - the user is authenticated.

$auth = true;

}

}

if (! $auth ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

echo '<P>You are authorized!</P>';
}

?>

It's still not taking xyz and abc.

Is there a command that I'm overlooking? Or is there another program that I have to install like Apache?

Thanks for the help.
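
Added example, not part of the original thread: the script above places the submitted user name and password directly into the SQL string and compares against a plain-text `pass` column. The version below uses a bound parameter and `password_verify()` instead; it assumes PHP 5.5+ with PDO MySQL, that `pass` stores `password_hash()` output, and placeholder database credentials, and it still depends on the server populating `PHP_AUTH_USER` and `PHP_AUTH_PW`.

```php
<?php
// Added example. Assumes PHP 5.5+ with PDO MySQL, and that news.pass holds
// password_hash() output, not the password itself. DB_USER and DB_PASSWORD
// are placeholders.

function check_credentials(PDO $db, $user, $pass)
{
    // The placeholder keeps the submitted name out of the SQL text, so
    // quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT `pass` FROM `news` WHERE `user` = ? LIMIT 1');
    $stmt->execute(array($user));
    $hash = $stmt->fetchColumn(); // false when no row matched

    return is_string($hash) && password_verify($pass, $hash);
}

$auth = false;

if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    try {
        $db = new PDO(
            'mysql:host=mysql;dbname=my_dbtest;charset=utf8mb4',
            'DB_USER',
            'DB_PASSWORD',
            array(
                PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            )
        );
        $auth = check_credentials($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    } catch (PDOException $e) {
        // Log the detail server-side; never echo it to the visitor.
        error_log($e->getMessage());
        header('HTTP/1.0 500 Internal Server Error');
        exit('Server error.');
    }
}

if (!$auth) {
    header('WWW-Authenticate: Basic realm="Private"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit;
}

echo '<p>You are authorized!</p>';
```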

henry0

11:46 am on Aug 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Try to run a simple php script like:

<?php
phpinfo();
?>

Name the page test.php, upload it to your server and call it from your browser.
Let us know if it generated a result.

Further, the page where you try to use the Auth script has a PHP extension, doesn't it?

I am concerned by the fact that you mentioned something about "running Apache".
How's your PHP running?

galileo5

3:04 pm on Aug 6, 2006 (gmt 0)

10+ Year Member



It generated PHP Version 4.3.11. So, it does work.

And yes, the page that calls on the dialogue does have the .php extension.

What now?

henry0

8:38 pm on Aug 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



After:
<?php

Insert: (As per WhoisGregg)

echo $_SERVER['PHP_AUTH_USER'];
echo"<p>";
echo $_SERVER['PHP_AUTH_PW'];

and let us know what was returned.

BTW, is your PHP running on Windows?

If so, there are some known limitations, but I have no clue about them.

galileo5

11:23 pm on Aug 6, 2006 (gmt 0)

10+ Year Member



Is this what you wanted me to enter?

<?php

(As per WhoisGregg)

echo $_SERVER['PHP_AUTH_USER'];
echo '<p>';
echo $_SERVER['PHP_AUTH_PW'];

phpinfo();

?>

If so, it returned a blank page.

And yes, I am running all of this on Windows.

FYI, my database is running just fine. I just want to password protect this one page in the event someone should find it.

BTW, in case this ends up not working at all for me, what are the odds of some hacker finding this page?

henry0

11:58 am on Aug 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Did you enter it as per your bold post:
<?php
(As per WhoisGregg) YOU DO NOT NEED THIS

echo $_SERVER['PHP_AUTH_USER'];
echo '<p>';
echo $_SERVER['PHP_AUTH_PW'];

phpinfo(); YOU DO NOT NEED THIS
?>

TRY: (PASTE ONLY THE FOLLOWING TO THE TEST PHP PAGE)
<?php
error_reporting(E_ALL); // report all errors and notices

echo "<p>USER {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>PW {$_SERVER['PHP_AUTH_PW']}.</p>";
?>

Also:
I think that your actual script
might work only if PHP is installed as an Apache module.
Someone asked me recently about the following
it seems easy to install
Give it a try [phpfreaks.com]

whoisgregg

2:12 pm on Aug 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Aside from installing Apache, is there any other method of password-protecting that one page?
Perhaps something simpler, maybe not using PHP_AUTH_USER and PHP_AUTH_PW at all?

If you have just a single page... and you can't password protect it in one of the "real" ways... And it's really just to protect a page for your own use... and you are okay with using code posted on forums... then you can use this snippet. :)

Insert at the very top of your page (this forum breaks the pipe "¦" character, fix it before using):

<?php
$username = 'somename'; // Set to the desired username
$password = 'somepass'; // set to the desired password
if(
(!isset($_POST['u_name'])) ||
(!isset($_POST['u_pass'])) ||
(empty($_POST['u_name'])) ||
(empty($_POST['u_pass'])) ||
($_POST['u_name']!= $username) ||
($_POST['u_pass']!= $password)
){
// Then the user should be presented with a login form.
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Restricted</title>
</head>
<body>
<form action="" method="post">
<p>Username: <input type="text" name="u_name" /></p>
<p>Password: <input type="text" name="u_pass" /></p>
<p><input type="submit" value="Submit" /></p>
</form>
</body>
</html>
';
die; // Important! :)
} // the rest of your page continues below this point
?>
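
Added example, not part of the original thread: a variant of the form-based gate above that stores a password hash instead of the password, masks the password field, and keeps the login in a session so later requests to the page (including the page's own form submissions) do not need to resend the credentials. It assumes PHP 5.6+ and HTTPS; `$password_hash` is a placeholder to be filled with real `password_hash()` output.

```php
<?php
// Added example. Assumes PHP 5.6+ and that the page is served over HTTPS.
// $password_hash is a placeholder; create the real value once with:
//   php -r "echo password_hash('your password', PASSWORD_DEFAULT);"
$username      = 'somename';
$password_hash = 'PASTE_PASSWORD_HASH_HERE';

ini_set('session.cookie_httponly', '1'); // keep the cookie away from scripts
ini_set('session.cookie_secure', '1');   // only send it over HTTPS
ini_set('session.use_strict_mode', '1'); // refuse session ids we did not issue
session_start();

if (empty($_SESSION['authed'])) {
    // Accept only plain strings; u_name[]=x would otherwise arrive as an array.
    $u = (isset($_POST['u_name']) && is_string($_POST['u_name'])) ? $_POST['u_name'] : '';
    $p = (isset($_POST['u_pass']) && is_string($_POST['u_pass'])) ? $_POST['u_pass'] : '';

    // Run both checks before combining them, so a wrong user name and a
    // wrong password cost the same work.
    $user_ok = hash_equals($username, $u);
    $pass_ok = password_verify($p, $password_hash);

    if ($user_ok && $pass_ok) {
        session_regenerate_id(true); // new id after login (session fixation)
        $_SESSION['authed'] = true;
    } else {
        header('Cache-Control: no-store');
        echo '<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>Restricted</title></head>
<body>
<form action="" method="post">
<p>Username: <input type="text" name="u_name" /></p>
<p>Password: <input type="password" name="u_pass" /></p>
<p><input type="submit" value="Submit" /></p>
</form>
</body>
</html>';
        exit; // nothing below this line is sent to an unauthenticated visitor
    }
}
// the rest of your page continues below this point
?>
```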

galileo5

11:20 pm on Aug 7, 2006 (gmt 0)

10+ Year Member



henry0, I entered it in various ways to see if anything would show on my test page. And yes, I even entered (whoisgregg) in the code, like the fool that I am. I should have known that whoisgregg was one of the nice guys who attempted to help me out earlier, but I was so determined to get this to work, my common sense flew out the window. I tried it without the (whoisgregg) and without phpinfo(), and it still resulted in a blank page.

I also did the error report (copied/pasted as you instructed), and it still showed up blank.

I was going to attempt the link you provided (take another shot at Apache), until I read whoisgregg's post. I think it's obvious to all that my computer is behind the times. I used whoisgregg's suggestion, and it worked!

So, whoisgregg and henry0, I would like to give the both of you a sincere thanks for helping me out. You guys don't realize how much this means to me.

Thank you!

whoisgregg

4:58 am on Aug 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Always happy to help. :)