Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    Sep 2006
    Posts
    22
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Http-Authenticate Problems

    Hi guys have come here before and you are always so helpfull and was wondering if you had ideas why my code below isn't working? I am using an include on the pages I want to protect but it just brings up the login box over and over again even with the correct user and pass.

    Is there a specific type of formatting to use in the database fields?

    Any help is much appreciated guys!

    PHP Code:
    <?
    if (! LoginOK($PHP_AUTH_USER$PHP_AUTH_PW) ) {
        
    header('WWW-Authenticate: Basic realm="Protected Area"');
        
    header('HTTP/1.0 401 Unauthorized') ;

        echo 
    "<br /><br /><p align=\"center\"> You are not authorized to view this page </p>" 

        exit;
    }


    //Check the passord if it has been entered

    function LoginOK($user$pass)
    {
        
    // make sure we have got a username and password 
        
    if (empty($user) || empty($pass))
            {
                return 
    false;
            }
            else 
            {
                
    //We have a User and Pass, so check they are correct
                
                //Set up some variables

                
    mysql_connect("hostaddress""username""password");
                
    mysql_select_db("meadschool");                    
        
                
    $result mysql_query("SELECT COUNT(*) AS numfound FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'");
                
                
    mysql_error();
                
                
    // Decide what we are going to allow
                
                
    $result_ar mysql_fetch_array($result) ; 
                
                if (
    $result_ar['numfound'] < '1'// login failed
                
                
    {
                    return 
    false;
                }
                else 
                {
                
    // login success
                    
    return true;
                }
            }
                    
    ;}
        

    ?>
    Last edited by JDMallion; 01-30-2007 at 09:14 AM.

  • #2
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    i would remove the ; before the closing } + it might be smart to remove the db-account details as well ...

    regarding the problem
    --> you are running PHP as an Apache module, right?
    --> have you tried printing out the $PHP_AUTH_USER and $PHP_AUTH_PW?
    --> maybe rewrite
    PHP Code:
    $result mysql_query("SELECT COUNT(*) AS numfound FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'");
                
                
    mysql_error();
                
                
    // Decide what we are going to allow
                
                
    $result_ar mysql_fetch_array($result) ; 
                
                if (
    $result_ar['numfound'] < '1'// login failed
                
                
    {
                    return 
    false;
                }
                else 
                {
                
    // login success
                    
    return true;
                } 
    into
    PHP Code:
    $sql "SELECT COUNT(*) FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'";
    $result mysql_query($sql) or die('Queryproblem: ' mysql_error() . '<br />'$sql);
    if (
    mysql_result($result0) != '1'// login failed
    {
        echo 
    'Debugging: 'mysql_result($result0) ,' records found when expected 1 from query <br />'$sql;
        return 
    false;
    }
        else 
    {
         return 
    true;

    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #3
    New Coder
    Join Date
    Sep 2006
    Posts
    22
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Still no joy

    is still not working guys it just keeps bringing the user and pass box back up every time even when I enter the correct username and password!!

    Sorry to keep bothering you guys but I have a deadline on this project and am eager to get this started!!

    Am currently using this code

    PHP Code:

    <?
    if (! LoginOK($PHP_AUTH_USER$PHP_AUTH_PW) ) {
        
    header('WWW-Authenticate: Basic realm="Protected Area"');
        
    header('HTTP/1.0 401 Unauthorized') ;

        echo 
    "<br /><br /><p align=\"center\"> You are not authorized to view this page </p>" 

        exit;
    }


    //Check the passord if it has been entered

    function LoginOK($user$pass)
    {
        
    // make sure we have got a username and password 
        
    if (empty($user) || empty($pass))
            {
                return 
    false;
            }
            else 
            {
                
    //We have a User and Pass, so check they are correct
                
                //Set up some variables

                
    mysql_connect("HOST ADDRESS""SQLUSERNAME""SQLPASSWORD");
                
    mysql_select_db("meadschool");                    
        
                
    $sql "SELECT COUNT(*) FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'";
                
    $result mysql_query($sql) or die('Queryproblem: ' mysql_error() . '<br />'$sql);
                if (
    mysql_result($result0) != '1'// login failed
                
    {
                    echo 
    'Debugging: 'mysql_result($result0) ,' records found when expected 1 from query <br />'$sql;
                    return 
    false;
                }
                    else 
                {
                     return 
    true;
                }  
            }
                    
    }
        

    ?>
    Could it be something to do with the format of the cells in the sql table

    Oh and here is the headers and stuff from the page I am trying to use the http Auth code on:

    PHP Code:

    <?
    include('IncHttpAuthenticate.php');
    include(
    'Inc.DbConnect.php');
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Mead School - Bulletin Board Admin</title>
    <link href="../mead.css" rel="stylesheet" type="text/css" />
    </head>

    If this still won't work is there any other way of getting round this problem, ie another authentication method!!

  • #4
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    you need to debug this:

    PHP Code:
    function LoginOK($user$pass

        
    // make sure we have got a username and password  
        
    if (empty($user) || empty($pass)) 
            { 
    echo 
    "Validate User/Pass";
    exit;
                return 
    false
            } 
            else  
            { 
    echo 
    "User/Pass Good, move next";
    exit;
                
    //We have a User and Pass, so check they are correct 
                 
                //Set up some variables 

                
    mysql_connect("HOST ADDRESS""SQLUSERNAME""SQLPASSWORD"); 
                
    mysql_select_db("meadschool");                     
         
                
    $sql "SELECT COUNT(*) FROM authTable WHERE meadUsername='$user' AND meadPassword='$pass'"
                
    $result mysql_query($sql) or die('Queryproblem: ' mysql_error() . '<br />'$sql); 
                if (
    mysql_result($result0) != '1'// login failed 
                

    echo 
    "Login Failed";
    exit;
                    echo 
    'Debugging: 'mysql_result($result0) ,' records found when expected 1 from query <br />'$sql
                    return 
    false
                } 
                    else
    echo 
    "Login success";
    exit;
                { 
                     return 
    true
                }   
            } 
                     

    keep going through it like that and commenting out the exit tags untill you find the problem area.

    also you could try adding:
    PHP Code:
    echo mysql_errno() . ": " mysql_error() . "\n"
    this will display additional mysql error messages,

  • #5
    New Coder
    Join Date
    Sep 2006
    Posts
    22
    Thanks
    1
    Thanked 0 Times in 0 Posts
    right then it crashes at the point I marked out bellow and just keeps bringing the username and pass box back up GOD I'M CONFUSED

    Sorry to keep bothering you guys, just I am new to all of this malarky!!


    PHP Code:
    function LoginOK($user$pass

        
    // make sure we have got a username and password  
        
    if (empty($user) || empty($pass)) 
            { 
                return 
    false
            } 
            else  
            { 
    echo 
    "User/Pass Good, move next"// does not display this message
    exit; 
    Any Ideas why?

  • #6
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,036
    Thanks
    2
    Thanked 316 Times in 308 Posts
    Try using - $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #7
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    so it's stopping here:

    if (empty($user) || empty($pass)) ??

    if so, try:
    PHP Code:
    echo $user "<br />";
    echo 
    $pass;
    exit; 
    at the top of the function.

    just to make sure that the values are making it this far.

  • #8
    New Coder
    Join Date
    Sep 2006
    Posts
    22
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Woooo Hooo You beauty!!

    Thankyou so much for all of the help guys it is all working and you have saved the day again!!


    It was the whole

    $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']

    issue!

    Just out of interest why did it require those instead of the ones I was using?



    Thanks again guys

  • #9
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,036
    Thanks
    2
    Thanked 316 Times in 308 Posts
    $PHP_AUTH_USER, $PHP_AUTH_PW are dependent upon register_globals being on. Unfortunately, there is a lot of code, tutorials, books... written that assmume that register_globals are on (it is off by default in all recent versions of PHP and will be removed entriely at version 6.) Register_globals seemed like a good idea at the time (automatically make a bunch of variables global) however it introduced a lot more problems than the programming short-cuts that it provided were worth.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •