I created something that searches a file to see if the username and password match anything in that file. It works by inducing an Authorization Required through raw HTML headers. PHP stores the values from the pop-up thing in $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE.
My problem is that when you press cancel when it first pops up, it'll accept the 'cancel' as a legit username and password! The strange thing is that if you enter an incorrect username and password and then press cancel, it'll proceed to the Authorization Required screen I made...
This is my code so far:
<?
$dir = dirname($SCRIPT_FILENAME);
if (strstr($dir,"secure")){
    if (!isset($PHP_AUTH_USER)) {
        // If empty, send header causing dialog box to appear
        header('WWW-Authenticate: Basic realm="Admin"');
        header('HTTP/1.0 401 Unauthorized');
    } else if (isset($PHP_AUTH_USER)) {
        // If non-empty, open file containing valid user info
        $filename = "../usr.txt";
        $fp = fopen($filename, "r");
        $file_contents = fread($fp, (filesize($filename) - 1));
        fclose($fp);
        // Place each line in user info file into an array
        $line = explode("\n", $file_contents);
        // For as long as $i is <= the size of the $line array,
        // explode each array element into a username and password pair
        for( $i = 0; $i < count($line) ; $i++)
        {
            $data_pair = explode("mp579t57fg;", $line[$i]);
            if (($data_pair[0] == $PHP_AUTH_USER) && (strrev($data_pair[1]) == $PHP_AUTH_PW)) {
                $auth = 1;
            }
        }
        if ($auth == "1") {
        } else {
            header('WWW-Authenticate: Basic realm="Admin Area"');
            header('HTTP/1.0 401 Unauthorized');
            require_once("../../include/header.inc");
            CommonHeader("../../../images/admin.jpg", 375);
            echo '<center>';
            echo $PHP_AUTH_TYPE;
            echo 'Authorization Required.';
            echo '</center><br>';
            include("../../include/footer.inc");
            exit;
        }
    }
}
?>
Thanks in advance 🙂
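
An added example, not part of the original post: a fail-closed variant of the check above that stops the script whenever it sends the 401, because without an `exit` in the first branch the rest of the page is delivered as the body of the 401 response, which is what the browser displays after Cancel. It reads the credentials from `$_SERVER` rather than register_globals variables, and it assumes a hypothetical `usr.txt` format of one `username:hash` line per user with hashes produced by `password_hash()`; the helper names are illustrative.

```php
<?php
// Added example, not the poster's code.
// Assumed credential file: one "username:hash" per line, where each hash
// was produced by password_hash(). File name and layout are assumptions.

function deny_and_stop(): void
{
    header('WWW-Authenticate: Basic realm="Admin"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authorization Required.';
    exit; // stop here, or the protected page is sent as the 401 body
}

function credentials_valid(string $user, string $pass, string $file): bool
{
    $lines = @file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return false; // unreadable credential file: fail closed
    }
    $ok = false; // explicit default, never left undefined
    foreach ($lines as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2) {
            continue; // skip malformed lines
        }
        [$name, $hash] = $parts;
        // hash_equals() compares in constant time; password_verify()
        // checks the submitted password against the stored hash.
        if (hash_equals($name, $user) && password_verify($pass, $hash)) {
            $ok = true;
        }
    }
    return $ok;
}

// Populated by PHP when the browser sends an Authorization: Basic header.
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';

// One exit path covers: no credentials sent, empty username, wrong pair.
if ($user === '' || !credentials_valid($user, $pass, __DIR__ . '/../usr.txt')) {
    deny_and_stop();
}

// Protected content starts here; it is only reached after a valid login.
```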