I need help about authentication!!!!!!!!

mhercog

<?php

header('WWW-Authenticate: Basic realm="Private"');
header('HTTP/1.0 401 Unauthorized');
exit;
?>
Why this does not work?
I always get this error in my "error.log":
[Fri May 04 21:36:24 2001] [error] [client 127.0.0.1] malformed header from script. Bad header=HTTP/1.0 401 Unauthorized: c:/phpdev3/php/php.exe

This is what browser(IE 5.5) return:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin@firepages.com.au and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/1.3.19 Server at localhost Port 80

What i need to do?
I think that something wrong in "httpd.conf" (big maybe).
!!!!!!Please help.!!!!!!!
Thanks!!!!!!!!!

OS=win98
php version=4.02
sever=apache

fandelem

here is my auth function. you can easily copy this into the top of your script if you wish:

function auth($user = "admin", $pass = "admin123", $msg = "Admin Area") {
// this will return TRUE(1) if user matches password and username
// and will return FALSE(0) if user does not match
// test by: if ( !auth($user, $pass, $msg) ) { echo "access denied";exit; }

global $PHP_AUTH_USER,$PHP_AUTH_PW; // needed.

if ( !isset($PHP_AUTH_USER) ) {
header("WWW-Authenticate: Basic realm=".$msg."");
header ('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
return 0;
}

else if ( isset($PHP_AUTH_USER) ) {
if ( ($PHP_AUTH_USER != $user) || ($PHP_AUTH_PW != $pass) ) {
header("WWW-Authenticate: Basic realm=".$msg."");
header ('HTTP/1.0 401 Unauthorized');
echo 'Authorization Required.';
return 0;
} else {
return 1;
}
}
}

hope this could help,

kyle

Anon

As you may know by now the cause of the Internal Server Error is the line:

Header('HTTP/1.0 401 Unauthorized');

to avoid the error use:

Header("status: 401 Unauthorized");

This HTTP/1.0 error only occurs on PHP installed as a CGI. Although this fix avoid the server error, you won't be able to catch $PHP_AUTH_USER, $PHP_AUTH_PW and $PHP_AUTH_TYPE, because those variables are not available on PHP installed as CGI.

This is an excerpt from the PHP manual:

The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version.

Regards