What did i do wrong?

techjosh

I have been working on this authentication script for days but it just doesnt seem to be working. I need a fresh set of eyes to look it over and tell me where i messed up.
---begin auth.php
<?php
Function getdb() {
$filename = "/path/to/webpass.txt"; //path to password list
$fd = fopen ($filename, "r"); //webpass.txt looks like this:
$i = 0; //username:password
for ($i = 0;!feof($fd);$i++) { //bob:fishing
$buffer[$i] = fgets($fd, 4096); //suzy:sewing
}

	fclose ($fd);
	$j=sizeof($buffer);
	for ($i = 0;$i <= $j; $i++) {			//breaks list apart into users and passwords
		list( $user[$i], $pass[$i] ) = split( ":", $buffer[$i]);
	}
	return;
}

Function auth_header() {

            Header("WWW-Authenticate: Basic realm=\"The Crazy Train\"");
	Header("HTTP/1.0 401 Unauthorized");
	echo "Error Logging In.  Refresh to try again\n";
            exit;
}

Function authenticate() {

	getdb();

	$PHP_AUTH_USER = Strtoupper($PHP_AUTH_USER); 	//converts to uppercase
	$PHP_AUTH_PW = Strtoupper($PHP_AUTH_PW);	// same thing
	for ($i=0;$i<=$j;$i++) {
		$user[$i] = Strtoupper($user[$i]);
		$pass[$i] = Strtoupper($pass[$i]);

		if (("$user[$i]" == "$PHP_AUTH_USER") && ("$pass[$i]" == "$PHP_AUTH_PW")) {
			$auth=1;
		}
	}
	if (!isset($auth)) {
		$auth = 0;
	}
	return;
}

if (!isset($PHP_AUTH_USER)){
	auth_header();
}
else {
	authenticate();
	if ($auth != 1){
		auth_header();
	}
}

?>
Regular html here or leave blank and use require('auth.php'); at the top of other pages to secure them
----end auth.php

techjosh

i probably should say what happens when the script is run... silly me
when you run you get an endless loop of username/password dialog boxes popping up and if you hit cancel the message "Error logging in. refresh to try again" is displayed

TechJosh wrote:

	fclose ($fd);
	$j=sizeof($buffer);
	for ($i = 0;$i <= $j; $i++) {			//breaks list apart into users and passwords
		list( $user[$i], $pass[$i] ) = split( ":", $buffer[$i]);
	}
	return;
}

Function auth_header() {

            Header("WWW-Authenticate: Basic realm=\"The Crazy Train\"");
	Header("HTTP/1.0 401 Unauthorized");
	echo "Error Logging In.  Refresh to try again\n";
            exit;
}

Function authenticate() {

	getdb();

	$PHP_AUTH_USER = Strtoupp....

techjosh

Never mind, i got it.
here it is for all those curious...
---begin auth.php
<?php

if (!isset($PHP_AUTH_USER)) {
            Header("WWW-Authenticate: Basic realm=\"The Crazy Train\"");
	Header("HTTP/1.0 401 Unauthorized");
	echo "Error Logging In.  Refresh to try again\n";
	exit;
}

while ((!isset($auth)) || ($auth != 1)) {
	$filename = "/path/to/webpass.txt";		//path to password list
	$fd = fopen ($filename, "r");			//webpass.txt looks like this:
	$i = 0;						//username:password
	for ($i = 0;!feof($fd);$i++) {			//bob:fishing
		$buffer[$i] = fgets($fd, 4096);		//suzy:sewing
	}

	fclose ($fd);
	$j=sizeof($buffer);

	for ($i = 0;$i <= $j; $i++) {			//breaks list apart into users and passwords
		list( $user[$i], $pass[$i] ) = split( ":", $buffer[$i]);
		$user[$i] = trim($user[$i]);
		$pass[$i] = chop($pass[$i]);
		if ((!strcasecmp($user[$i],$PHP_AUTH_USER)) && (!strcasecmp($pass[$i],$PHP_AUTH_PW))) {
			$auth=1;
			break;
		}
	}
	if ($auth == 1) { break; }
	else {
            	Header("WWW-Authenticate: Basic realm=\"The Crazy Train\"");
		Header("HTTP/1.0 401 Unauthorized");
		echo "Error Logging In.  Refresh to try again\n";
		exit;
	}
}

?>
---end auth.php
one thing, be sure to upload your password list in ascii mode or else it screws up.