I am testing PHP authentication for the first time. I see that it works, but if you leave the fields blank it also works, and this is not good... I have tried to modify the example from the PHP manual in this way:
<?php
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("HTTP/1.0 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
} else if ($PHP_AUTH_USER = ""){
echo "User field is empty";
} else {
echo "Hello $PHP_AUTH_USER.<P>";
echo "You entered $PHP_AUTH_PW as your password.<P>";
}
?>
but once again it seems that empty fields allow access to the page...
What am I missing?
Is this kind of protection secure in your opinion? Or should I take some precautions to encrypt data and so on?
Thank you for your answer!
Fabio
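
An added example, not part of the original post: the condition `$PHP_AUTH_USER = ""` in the code above is an assignment, so it evaluates to false and the final `else` branch always runs. The sketch below uses a comparison, rejects empty fields, and checks the password against a stored hash. The user name, password, and the helper names `sample_users`, `credentials_ok` and `challenge` are assumptions made for illustration.

```php
<?php
// Added example; the account below is a constructed sample value.

// Constructed credential store: user name => password_hash() output.
function sample_users(): array
{
    return ['fabio' => password_hash('s3cret-sample', PASSWORD_DEFAULT)];
}

// True only for a non-empty user name and password matching a stored hash.
function credentials_ok(?string $user, ?string $pass, array $users): bool
{
    // Comparison (===), not assignment (=). Writing `$user = ""` would
    // overwrite the value and evaluate to false, so the branch never runs.
    if ($user === null || $user === '' || $pass === null || $pass === '') {
        return false;
    }
    if (!isset($users[$user])) {
        return false;
    }
    return password_verify($pass, $users[$user]);
}

// Sends the Basic authentication challenge, as in the manual's example.
function challenge(string $realm): void
{
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Authentication required\n";
}

if (PHP_SAPI !== 'cli') {
    // $_SERVER replaces the old global variables $PHP_AUTH_USER / $PHP_AUTH_PW.
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;
    if (!credentials_ok($user, $pass, sample_users())) {
        challenge('My Realm');
        exit; // stop here so the protected content is never sent
    }
    echo 'Hello ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '.<P>';
} else {
    // Offline run with constructed inputs: empty, wrong and correct credentials.
    $users = sample_users();
    var_dump(credentials_ok('', '', $users));
    var_dump(credentials_ok('fabio', 'wrong', $users));
    var_dump(credentials_ok('fabio', 's3cret-sample', $users));
}
```

Basic authentication sends the user name and password base64-encoded, not encrypted, with every request, so the page needs to be served over HTTPS.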