http authentication gives 500 Internal S

neville

http authentication gives 500 Internal Server Error, the error log says malformed header..... how do I stop my headers from getting malformed ?

Here is my code :

<?php
function authenticate() {
header("WWW-authenticate: basic realm='Test Authentication System'");
header("HTTP/1.0 401 Unauthorized");
echo "You must enter a valid login ID and password to access this resource\n";
exit;
}

if(!isset($PHP_AUTH_USER)  ||  ($SeenBefore ==  1  &&  !strcmp($OldAuth,  $PHP_AUTH_USER))  )  {
  authenticate();
}  
else  {
  echo  "Welcome:  $PHP_AUTH_USER<BR>";
  echo  "Old:  $OldAuth";
  echo  "<FORM  ACTION=\"$PHP_SELF\"  METHOD=POST>\n";
  echo  "<INPUT  TYPE=HIDDEN  NAME=\"SeenBefore\"  VALUE=\"1\">\n";
  echo  "<INPUT  TYPE=HIDDEN  NAME=\"OldAuth\"  VALUE=\"$PHP_AUTH_USER\">\n";
 echo  "<INPUT  TYPE=Submit  VALUE=\"Re  Authenticate\">\n";
 echo  "</FORM>\n";

}
?>

Thanks.

Anon

i encountered the same thing as you, anyone here can help both of us out?

vasek

Hello,
I also had this problem. Change of

header("HTTP/1.0 401 Unauthorized");

header("Status: 401 Unauthorized");

helped me.

Unfortunately I encountered another problem that I did not solve yet. Nor

$PHP_AUTH_USER and $PHP_AUTH_PW

nor

$headers = getallheaders();
$auth=$headers[Authorization];

work for me. The second one does not work because I use php as cgi for Apache (I use NT and do not know how to make php run as a module). I'm not sure why the first way doesn't work.

Can anybody help me please?
Vasek

Anon

Hi,
i encountered the same ERROR 500...
(I'm using APACHE on a Win32 platform...)

I tried your suggestion changing "HTTP/1.0 401 Unauthorized" to "Status: 401 Unauthorized" - and it worked... 🙂

Nevertheless encounterd I another problem: when entering a user name and a password I am presentet yet another PLEASE-ENTER-USER-NAME-AND-PASSWORD-Window... Here's my Code:

<?php
if(!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"My Realm\"");
Header("Status: 401 Unauthorized");
echo "Text to send if user hits Cancel button\n";
exit;
} else {
echo "Hello $PHP_AUTH_USER.<P>";
echo "You entered $PHP_AUTH_PW as your password.<P>";
}
?>

(Simple example from PHP-Documentation)

What's the problem???

Please help me!!!

vasek

Hi Christian,
I'm sorry - the example you have sent works fine on my machine. I'm using "apache_1_3_17-win32" and "php-4_0_4pl1-Win32". If it doesn't help, we can try to compare our php.ini and httpd.conf (please send in case you are interested).
Vasek

Anon

We had to switch from invoking php4 as
an Apache module to running it as a
CGI script. We found the same problem requiring the change to
"header("status: 401 Unauthorized"); ".

But like others we also find that when running
as a CGI script the "$PHP_AUTH_USER"
and other variables do NOT get set.

This makes it difficult to use the
simple authentication method....
to say the least.