...

View Full Version : Http-Authenticate Problems



JDMallion
01-29-2007, 07:37 PM
Hi guys have come here before and you are always so helpfull and was wondering if you had ideas why my code below isn't working? I am using an include on the pages I want to protect but it just brings up the login box over and over again even with the correct user and pass.

Is there a specific type of formatting to use in the database fields?

Any help is much appreciated guys! :confused:



<?
if (! LoginOK($PHP_AUTH_USER, $PHP_AUTH_PW) ) {
header('WWW-Authenticate: Basic realm="Protected Area"');
header('HTTP/1.0 401 Unauthorized') ;

echo "<br /><br /><p align=\"center\"> You are not authorized to view this page </p>" ;

exit;
}


//Check the passord if it has been entered

function LoginOK($user, $pass)
{
// make sure we have got a username and password
if (empty($user) || empty($pass))
{
return false;
}
else
{
//We have a User and Pass, so check they are correct

//Set up some variables

mysql_connect("hostaddress", "username", "password");
mysql_select_db("meadschool");

$result = mysql_query("SELECT COUNT(*) AS numfound FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'");

mysql_error();

// Decide what we are going to allow

$result_ar = mysql_fetch_array($result) ;

if ($result_ar['numfound'] < '1') // login failed

{
return false;
}
else
{
// login success
return true;
}
}

;}


?>

raf
01-30-2007, 08:29 AM
i would remove the ; before the closing } + it might be smart to remove the db-account details as well ...

regarding the problem
--> you are running PHP as an Apache module, right?
--> have you tried printing out the $PHP_AUTH_USER and $PHP_AUTH_PW?
--> maybe rewrite


$result = mysql_query("SELECT COUNT(*) AS numfound FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'");

mysql_error();

// Decide what we are going to allow

$result_ar = mysql_fetch_array($result) ;

if ($result_ar['numfound'] < '1') // login failed

{
return false;
}
else
{
// login success
return true;
}

into


$sql = "SELECT COUNT(*) FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'";
$result = mysql_query($sql) or die('Queryproblem: ' . mysql_error() . '<br />'. $sql);
if (mysql_result($result, 0) != '1') // login failed
{
echo 'Debugging: ', mysql_result($result, 0) ,' records found when expected 1 from query <br />', $sql;
return false;
}
else
{
return true;
}

JDMallion
01-30-2007, 07:24 PM
is still not working guys it just keeps bringing the user and pass box back up every time even when I enter the correct username and password!!

Sorry to keep bothering you guys but I have a deadline on this project and am eager to get this started!! :(

Am currently using this code




<?
if (! LoginOK($PHP_AUTH_USER, $PHP_AUTH_PW) ) {
header('WWW-Authenticate: Basic realm="Protected Area"');
header('HTTP/1.0 401 Unauthorized') ;

echo "<br /><br /><p align=\"center\"> You are not authorized to view this page </p>" ;

exit;
}


//Check the passord if it has been entered

function LoginOK($user, $pass)
{
// make sure we have got a username and password
if (empty($user) || empty($pass))
{
return false;
}
else
{
//We have a User and Pass, so check they are correct

//Set up some variables

mysql_connect("HOST ADDRESS", "SQLUSERNAME", "SQLPASSWORD");
mysql_select_db("meadschool");

$sql = "SELECT COUNT(*) FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'";
$result = mysql_query($sql) or die('Queryproblem: ' . mysql_error() . '<br />'. $sql);
if (mysql_result($result, 0) != '1') // login failed
{
echo 'Debugging: ', mysql_result($result, 0) ,' records found when expected 1 from query <br />', $sql;
return false;
}
else
{
return true;
}
}

}


?>



Could it be something to do with the format of the cells in the sql table

Oh and here is the headers and stuff from the page I am trying to use the http Auth code on:




<?
include('IncHttpAuthenticate.php');
include('Inc.DbConnect.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Mead School - Bulletin Board Admin</title>
<link href="../mead.css" rel="stylesheet" type="text/css" />
</head>




If this still won't work is there any other way of getting round this problem, ie another authentication method!!

angst
01-30-2007, 07:46 PM
you need to debug this:



function LoginOK($user, $pass)
{
// make sure we have got a username and password
if (empty($user) || empty($pass))
{
echo "Validate User/Pass";
exit;
return false;
}
else
{
echo "User/Pass Good, move next";
exit;
//We have a User and Pass, so check they are correct

//Set up some variables

mysql_connect("HOST ADDRESS", "SQLUSERNAME", "SQLPASSWORD");
mysql_select_db("meadschool");

$sql = "SELECT COUNT(*) FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'";
$result = mysql_query($sql) or die('Queryproblem: ' . mysql_error() . '<br />'. $sql);
if (mysql_result($result, 0) != '1') // login failed
{
echo "Login Failed";
exit;
echo 'Debugging: ', mysql_result($result, 0) ,' records found when expected 1 from query <br />', $sql;
return false;
}
else
echo "Login success";
exit;
{
return true;
}
}

}


keep going through it like that and commenting out the exit tags untill you find the problem area.

also you could try adding:


echo mysql_errno() . ": " . mysql_error() . "\n";


this will display additional mysql error messages,

JDMallion
01-30-2007, 08:01 PM
right then it crashes at the point I marked out bellow and just keeps bringing the username and pass box back up :mad: GOD I'M CONFUSED

Sorry to keep bothering you guys, just I am new to all of this malarky!!




function LoginOK($user, $pass)
{
// make sure we have got a username and password
if (empty($user) || empty($pass))
{
return false;
}
else
{
echo "User/Pass Good, move next"; // does not display this message
exit;


Any Ideas why?

CFMaBiSmAd
01-30-2007, 08:01 PM
Try using - $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

angst
01-30-2007, 08:16 PM
so it's stopping here:

if (empty($user) || empty($pass)) ??

if so, try:


echo $user . "<br />";
echo $pass;
exit;

at the top of the function.

just to make sure that the values are making it this far.

JDMallion
01-30-2007, 08:23 PM
Woooo Hooo You beauty!!

Thankyou so much for all of the help guys it is all working and you have saved the day again!!


It was the whole

$_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

issue!

Just out of interest why did it require those instead of the ones I was using?

:thumbsup:

Thanks again guys :)

CFMaBiSmAd
01-30-2007, 08:45 PM
$PHP_AUTH_USER, $PHP_AUTH_PW are dependent upon register_globals being on. Unfortunately, there is a lot of code, tutorials, books... written that assmume that register_globals are on (it is off by default in all recent versions of PHP and will be removed entriely at version 6.) Register_globals seemed like a good idea at the time (automatically make a bunch of variables global) however it introduced a lot more problems than the programming short-cuts that it provided were worth.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum