PHP Global

Anon

I remember before if you made the little "security pop-up box" through raw headers appear, the input the user entered was stored in the PHP globals $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE.
Anyways, I was wondering why my security code wasn't working so I did some testing and found out it wasn't regestering the password I entered into the security popup box. This is my code currently, it's a bit long and messy:

$dir = dirname($SCRIPT_FILENAME);
if (strstr($dir,"secure"))
{
if (!isset($PHP_AUTH_USER))
{
Header("WWW-Authenticate: Basic realm=Admin");
Header("HTTP/1.0 401 Unauthorized");
require_once("../../include/header.inc");
CommonHeader("../../../images/admin.jpg", 375);
echo '<center>';
echo 'Authorization Required.';
include("../../include/footer.inc");
exit;
} else {

            $line = file($admininfo);

            // For as long as $i is <= the size of the $line array,
            // explode each array element into a username and password pair

            for( $i = 0; $i < count($line) ; $i++)
            {
                    $datapair = explode("terjtrt596mpter20;", $line[$i]);
                    $password = strrev($datapair[1]);

                    if (($PHP_AUTH_USER == $datapair[0]) && ($PHP_USER_PW == $password))
                    {
                    $auth = "1";
                    break;
                    } else {
                    $auth = "0";
                    }
            }

            if ($auth == "1")
            {
            } else {
                    Header("WWW-Authenticate: Basic realm=Admin");
                    Header("HTTP/1.0 401 Unauthorized");
                    require_once("../../include/header.inc");
                    CommonHeader("../../../images/admin.jpg", 375);
                    echo '<center>';
                    echo 'Authorization Required.';

print ("$PHP_AUTH_USER $datapair[0] $PHP_USER_PW $password ");
include("../../include/footer.inc");
exit;
}
}
}

Anon

Probably because you are calling it $PHP_USER_PW instead for $PHP_AUTH_PW.

Anon

Lol, thank you for pointing that out.
Ok, I changed it to $PHP_AUTH_PW. Now it recognizes my password, and the password it retrieves from the file, but strangely it won't let me view my "secure" page still. I'm not sure why it's not recognizing my username and password as the same username and password in the file.

Anon

If you look at the code closely, you can see I told the script to tell you the Username and Password you entered, as well as the Username and Password in the file. This is output when I enter in the correct user and pass (I made "username" as the correct username and "password" as the correct password):

username
username

password
password

I can't see why it doesn't consider "username == username" or "password == password"??

Anon

Try using trim() to remove white space, CR, LF, etc from the fields before you compare them.

-- Rich Rijnders
-- Irvine, CA US

Anon

Thanks man! Don't know why there'd be white spaces but thanks! 🙂

Anon

Looks like you were reading from a text file. My guess is that there were CR/LF at the end of the password or something...

Glad I could help.

-- Rich Rijnders
-- Irvine, CA US