
Problem with HTTP Authentication on server

Continuous request to authenticate myself

         

SummerRain

10:17 am on Jul 30, 2009 (gmt 0)

10+ Year Member



I have developed a web page with Basic HTTP Authentication on my home computer with Windows XP Service Pack 3 and EasyPHP 1.8. This works fine, which means that I am asked for authentication when I access that page, and after providing the correct information I am allowed to view the page.

Now I put this page on the real web server, and I get the same authentication dialog box. I enter the correct login name and password, but after clicking OK in the dialog box, the same dialog box with the same realm appears again. I'm not allowed to see that page.

I've reproduced my problem with a very simple PHP script, as presented as Example #1 on:

[php.net...]

The page is currently on line and can be viewed here:

I understand that things should work as follows:
1. I request the page through my browser
2. The server sees that $_SERVER['PHP_AUTH_USER'] is not set, the if-statement is true, and the "header" statements are being executed, which gives me the dialog box in which I can fill in the Username and the Password.
3. I fill in the Username and the Password and I press OK
4. The browser requests the same page again, but adds extra authentication information, being the Username and the Password that I provided.
5. Now $_SERVER['PHP_AUTH_USER'] is set, and the code will execute through the else clause.

This does not happen. The if-statement is always evaluated as TRUE.

I used web-sniffer to monitor what happens. The first request does not yet contain the authentication information:

Connect to 66.96.145.*** on port 80 ... ok 

GET /test.php HTTP/1.1[CRLF]
Host: www.cendep.org[CRLF]
Connection: close[CRLF]
User-Agent: Web-sniffer/1.0.29 (+http://web-sniffer.net/)[CRLF]
Accept-Encoding: gzip[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]

The server answers with the following:

HTTP Status Code: HTTP/1.1 401 Unauthorized

The dialog asking for username and password is shown. Then I fill in the username George and the password Egroeg and resend the page request. Indeed I can see that some authentication information is being sent:

Connect to 66.96.145.*** on port 80 ... ok 

GET /test.php HTTP/1.1[CRLF]
Host: www.example.org[CRLF]
Connection: close[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no[CRLF]
Authorization: Basic R2VvcmdlOkVncm9lZw==[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]

If I decode the authorization string, using:

echo 'Decoding gives: '.base64_decode('R2VvcmdlOkVncm9lZw==');

I indeed find back the colon separated username and password:

Decoding gives: George:Egroeg

This is the way it should be. Only the response from the server (another HTTP Status Code: HTTP/1.1 401 Unauthorized) is not what I expect. I expect the regular page contents (the else clause in the PHP script).

I contacted the help desk of the company where I host the website, but they said that they don't give programming support.

If you want to help, please realize that this is the first time that I am putting a page with HTTP Authentication on the net. So it might be that I overlook something very simple.

Any hint how to look for the problem is welcome.


coopster

2:36 pm on Aug 15, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, SummerRain.

I would turn up error reporting temporarily on your live server and/or check your logs for the issue. Is your live server running PHP as an Apache module?

The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and are hence not available in the CGI version.
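
As an added example (not code from either poster), one way to make the script from the question work whether or not PHP runs as an Apache module is to fall back to parsing the Authorization header when PHP_AUTH_USER is not set. It assumes the host forwards the header to CGI as shown in the first comment; the function names, the realm and the hard-coded George/Egroeg account are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumption: PHP runs as CGI/FastCGI and Apache forwards the header, for
// instance with this .htaccess line (otherwise the script never sees it):
//   SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

/** Return [user, password] from the request, or null if none is usable. */
function basic_credentials(array $server): ?array
{
    // Apache module: PHP decodes the header itself.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }
    // CGI: read the forwarded header; Apache prefixes REDIRECT_ after an
    // internal redirect.
    $raw = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', trim($raw), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict: reject invalid base64
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // first colon only; passwords may hold ':'
}

/** Constructed check against the sample account used in the question. */
function is_authorised(?array $cred): bool
{
    if ($cred === null) {
        return false;
    }
    // hash_equals avoids timing differences; real code would store a hash
    // and call password_verify() instead of comparing plaintext.
    $userOk = hash_equals('George', $cred[0]);
    $passOk = hash_equals('Egroeg', $cred[1]);
    return $userOk && $passOk;
}

$cred = basic_credentials($_SERVER);
if (!is_authorised($cred)) {
    header('WWW-Authenticate: Basic realm="Example"'); // constructed realm
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authentication required.';
    exit;
}
echo 'Hello ' . htmlspecialchars($cred[0]) . ', you are logged in.';
```

The decode in the question shows that Basic credentials are only base64-encoded, so a page protected this way should be served over HTTPS.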