Hi,
I have been using HTTP Authentication to password protect a website. This has been working fine until now!! The problem is that the client has done something to their proxy server and now it is storing their usernames & passwords between sessions, which is obviously a security issue.
This is the code I am using as an include file on all pages which need to be protected. If anyone has any ideas what the problem is, please let me know ASAP!!
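<?php
// Include on every page that must be protected by HTTP Basic authentication.
$auth = false;
// Read the credentials from $_SERVER; the $PHP_AUTH_* globals only exist with register_globals.
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $user = $_SERVER['PHP_AUTH_USER'];
    $pass = $_SERVER['PHP_AUTH_PW'];
    // mysqli replaces the removed mysql_* extension; keep the "or die" error style.
    mysqli_report(MYSQLI_REPORT_OFF);
    $db = mysqli_connect('localhost', 'username', 'password')
        or die('Unable to connect to server.');
    mysqli_select_db($db, 'database_name')
        or die('Unable to select database.');
    // Placeholders keep the submitted credentials out of the SQL text,
    // so a crafted username or password cannot alter the query.
    // The password column is compared as stored, as in the original queries.
    $queries = array(
        "SELECT * FROM profile,login WHERE
            login.username = ? AND
            login.password = ? AND login.number=profile.number",
        "SELECT * FROM special_users WHERE
            username = ? AND
            password = ?",
    );
    // Try the regular users first, then the special users.
    foreach ($queries as $sql) {
        $stmt = mysqli_prepare($db, $sql)
            or die('Unable to execute query.');
        mysqli_stmt_bind_param($stmt, 'ss', $user, $pass);
        mysqli_stmt_execute($stmt)
            or die('Unable to execute query.');
        mysqli_stmt_store_result($stmt);
        $num = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);
        if ($num != 0) {
            $auth = true;
            break;
        }
    }
    mysqli_close($db);
}
if (!$auth) {
    // No valid credentials: ask the browser to prompt for them.
    header('WWW-Authenticate: Basic realm="Private"');
    header('HTTP/1.0 401 Unauthorized');
    echo "<script>window.open('noentry.htm','noentry','width=300,height=280,left=250,top=200')</script>";
    echo "<meta http-equiv=\"refresh\" content=\"0;url=homepage.htm\">";
    exit;
}
?>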
Thanks
Mike
www.digitalegg.net