Authentication Problem!! [Archive] - vBulletin Community Forum

View Full Version : Authentication Problem!!

HSN

Wed 13th Aug '03, 8:46am

Hello,

I'm writing a script for authentication purposes:

<?php //Authentication

$authentication = FALSE;

if ( isset ($_SERVER['PHP_AUTH_USER']) AND isset ($_SERVER['PHP_AUTH_PW']) )
{
require_once ("connect.php");

$query = "SELECT user_id FROM users WHERE username = '{$_SERVER['PHP_AUTH_USER']}' AND password = PASSWORD ('{$_SERVER['PHP_AUTH_PW']}')";

$result = @mysql_query ($query);

$row = mysql_fetch_array ($result);

if ($row)
{
$authentication = TRUE;
}
else
{
echo "Not OK!";
}

}

if (!$authentication)
{
header ( ' WWW-Authenticate: Basic realm = "My Web Site" ' );
header('HTTP/1.0 401 Unauthorized');
}

?>

But it does not give the permission! In fact it doesn't go through the first if statement:

if ( isset ($_SERVER['PHP_AUTH_USER']) AND isset ($_SERVER['PHP_AUTH_PW']) )
{
require_once ("connect.php");

$query = "SELECT user_id FROM users WHERE username = '{$_SERVER['PHP_AUTH_USER']}' AND password = PASSWORD ('{$_SERVER['PHP_AUTH_PW']}')";

$result = @mysql_query ($query);

$row = mysql_fetch_array ($result);
.
.
.

Please help me with it.

i am coo man

Wed 13th Aug '03, 11:54am

Well where are you getting the $_SERVER values from? Are you sure they are set? Mabye you mean $_POST, $_SESSION, $_GET or $_COOKIE?

also this:

if ($row)
{
$authentication = TRUE;
}
else
{
echo "Not OK!";
}

might wanna become this:

if (mysql_num_rows($row) == 1)
{
$authentication = TRUE;
}
else
{
echo "Not OK!";
}

oh and use && not AND i believe

HSN

Wed 13th Aug '03, 4:15pm

Well...

The $_SERVER values should come from the put up dialog!

But the problem is in the first if statement.

i am coo man

Wed 13th Aug '03, 7:35pm

if ( $_SERVER['PHP_AUTH_USER'] && $_SERVER['PHP_AUTH_PW'] )
{ ... }

try that

Also you might wanna try echoing the two server values before the if statement to see if they have a value or not, if not you know thats the problem.

HSN

Thu 14th Aug '03, 6:23am

Yes, infact this is the problem.. They do not contain any value. I just checked the script, it works fine when I assign any value to those variables but they don't get values from the pop up dialog!
How can I improve this?

i am coo man

Thu 14th Aug '03, 10:50pm

Well first PHP must be running as a apache module for...no CGI mode. Also check if you are running 4.1 or higher else the $_SERVER variable would not be set to that. Try mabye the $HTTP_SERVER_VARS variable, though make sure you make it global in any function you use it in, if you are.

Other than that I dunno :|

HSN

Fri 15th Aug '03, 12:31pm

Thank you anyway.. I'll give it another try.