I have scraped together a user_auth type password protect script. It
validates users against a text file, and carries the data on to the secure
pages with sessions.
The script basically works fine, in fact on my IIS localhost it works
perfectly. However, when i u/l to my Unix Apache web space, i get a strange
occurance?
What happens is...if you enter no details on the login page and then click
submit, you get the "ThankYou" message, when you should be getting the
"Sorry" message??
On my IIS localhost it works properly and i get the "Sorry " message when i
press submit with no details entered!
Why is this happening?
Demo here: http://netdog.net/login.php (best viewed in IE5+)
Enter no details and click login.(you get the wrong message) Now, enter name
"robert" with no pass (you get the right message)
If you enter user: guest and pass: RxegXHNEV9GpM you get in as you should
, with no errors!
the offending page here:
<?php
$auth = false;
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
$filename = ("/path/to/passwords.txt");
$fp = fopen( $filename, 'r' );
$file_contents = fread( $fp, filesize( $filename ) );
fclose( $fp );
$lines = explode ( "\n", $file_contents );
foreach ( $lines as $line ) {
list($username,$password,$tc,$fc) = explode(':', $line );
// echo '<br>';
// echo $username;
// echo ' : ';
// echo $password;
// echo '<br>';
if (( $username == "$PHP_AUTH_USER" ) && ( $password == "$PHP_AUTH_PW" )) {
$auth = true;
break;
}
}
}
//=================session start=============================
if ($auth)
{
session_start();
session_register("loginname");
$loginname=$PHP_AUTH_USER;
session_register("area1access");
session_register("area2access");
}
/ add more variables here as you expand your site /
//===========================================================
?>
<head>
<style>
<!--
BODY{
scrollbar-face-color:#6600CC;
scrollbar-arrow-color:#FF0000;
scrollbar-track-color:#6666CC;
scrollbar-shadow-color:#000000;
scrollbar-highlight-color:;
scrollbar-3dlight-color:#6600FF;
scrollbar-darkshadow-Color:#000000;
}
-->
</style>
<style>
FONT,body,td,b,table {font-family : Arial;font-size : 14px;}
a,a:hover,.link{font-family: arial;font-size: 8pt;font-color: 66666;}
input, option
{
border-color:#3C3C3C;
border-width:1;
font-family:tahoma,verdana, Helvetica;
font-size:12;
background-color:#eeeeee;
color:#3C3C3C;
}
select
{
border-color:#3C3C3C;
border-width:1;
font-family:Arial, Helvetica;
font-size:12px;
color:#3C3C3C;
background-color:#FFFFFF;
}
textarea
{
border-color:#3C3C3C;
border-width:1;
overflow:hidden;
font-family:tahoma,Arial, Helvetica;
font-size:12;
color:#000000;
background-color:#eeeeee;
}
input.submit {
background-color: #e0e0e0;
font-weight: bold;
}
</style>
<style>
a{text-decoration:none}
</style>
</head>
<body bgcolor="#6666cc">
<?php
// ==================Header + IP Checking======================
$updated_from=getenv("REMOTE_ADDR");
print ('
<div align="center">
<center><table border="1" cellpadding="0" cellspacing="0" width="667" bgcolor="#6600CC" bordercolor="#000000"><tr>
<td width="100%">
<p align="center"><font color="#FFFFFF" size="0"> Connected from (IP): ');
print '<font color="#FFFF00">';
print $updated_from;
print '</font></font><font color="#FFFF00" size="0"> </font><font color="#FFFFFF"><font size="0"> |
<font size="1"> Your username - </font>';
print '<font color="#FFFF00">';
print $PHP_AUTH_USER;
print '</font></font></font><font color="#0000FF" size="0"> </font><font color="#FFFF00" size="0">
</font></p></td></tr></table></center><br></div>';
// ==================end - Header + IP Checking======================
// ==================on support or not=======================
if (! $auth)
{
echo '<br> You used username: ';
echo $PHP_AUTH_USER;
echo '<br> You used password: ';
echo $PHP_AUTH_PW;
echo '<br>';
echo '<br><center>';
echo '<br>';
echo '<p><font color="#000000"><b>Sorry, but this is wrong. Authorization with right username and password is Required!</b></font></p>';
exit;
}
if (($auth) and ($tc == '1'))
{
print '<b><font color="#000000" size="1">- You are authorized for access area 1.</font></b><br>' ;
$area1access="y";
}
if (($auth) and ($fc == '1'))
{
print '<b><font color="#000000" size="1">- You are authorized for access area 2.</font></b><br>' ;
$area2access="y";
}
if (($auth) and ($tc == '0'))
{
print '<b><font color="#FF0000" size="1">- You are not authorized for access area 1.</font></b><br>' ;
}
if (($auth) and ($fc == '0'))
{
print '<b><font color="#FF0000" size="1">- You are not authorized for access area 2.</font></b><br>' ;
}
// ==================end -- on support or not=======================
// ==================buttons=======================
if (($auth) and ($tc == '1'))
{
print '<a href="secure_area.php"><font face="Arial, Helvetica, sans-serif"><b><font size="4" color="#FFFFFF">Area 1</font></b></font> </a><br>';
}
if (($auth) and ($fc == '1'))
{
print '<a href="secure_area2.php"><font face="Arial, Helvetica, sans-serif"><b><font size="4" color="#FFFFFF">Area 2</font></b></font> </a>';
}
// ==================end buttons=======================
if ($auth)
{
echo '<b><center><font size="1">Thank you. You were authorized with right username and password!</font></b>';
}
?>
Can anyone help me?
I am very new to PHP but this code looks ok to me!
Why will this work on IIS and not Apache?
I am tearing my hair out over this!(and i am nearly bald anyway!)
plz help kind person!
TIA
